https://www.ejabberd.im/forum/25527/anonymous-authentification-only-localhost en https://www.ejabberd.im/forum/25527/anonymous-authentification-only-localhost#comment-66955 <p>Since the last release or so, ejabberd's ACL definition can use the ip address, so you can then define an Access rule where some IPs are allowed and the others are denied. The problem is that Access rules are not read by authentication method, or by vhost. They are read by listener (for example the 5222 port listener, or the 5223 port listener).</p> <p>Thinking of that, I can see a solution, quite dirty, but maybe it's enough for you. Lets say you now have example.org with internal and anonymous authentication. Change that, so:<br /> - example.org is defined, its auth methhod is internal only, set in the 5222 listener an access rule where only server "example.org" is allowed.<br /> - define a new chost, called anon.example.org, its auth method is anonymous only, set a new 5232 listener (or any other number you want), and in that listener set an access that allows only server "anon.example.org", and allows only ip "whatver you want", and denies everything else.</p> Mon, 18 Jul 2016 16:43:43 +0000 badlop comment 66955 at https://www.ejabberd.im