I have a problem with getting 'ip_access' parameter working. Here is the configuration I'm using:
ejabberd 2.1.5
...
{ip_access, [{allow, "127.0.0.0/8"},
{deny, "0.0.0.0/0"}]}
...
But still, server accept registration requests coming from non-localhost. Even when I omit the allow part and server should be denying every registration request, it doesn't.
Any ideas what could be the issue?
---
Thanks for your replies.
Sevenood wrote: ejabberd
ejabberd 2.1.5
...
{ip_access, [{allow, "127.0.0.0/8"},
{deny, "0.0.0.0/0"}]}
...
Even when I omit the allow part and server should be denying every registration request, it doesn't.
Any ideas what could be the issue? .
I try with ejabberd 2.1.9.
Then I configure like this:
{modules, [ {mod_register, [ {ip_access, [{deny, "0.0.0.0/0"}]}, {welcome_message, {"Welcome!", "Hi.\nWelcome to here."}}, {access_from, all}, {access, register} ]}, ... ]}.When a user tries to register, he gets "forbidden" error. If I add an allow part like in your example, then the user can register.
We've finally figured out,
We've finally figured out, that the problem of non-functional ip_access was caused by this clause on the other place of configuration:
%%% ===============
%%% LISTENING PORTS
{listen,
[
{5222, ejabberd_c2s, [
inet6,
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536},
starttls, {certfile, "/etc/ejabberd/cert/ejabberd-jabber.ics.muni.cz.pem"}
]},
After omiting the highlighted part, the ip_access restricts access as it should.
So apparently there is a problem with that in case the server is accessed/accessible via IPv6. Is there any chance for this to be fixed/added to ejabberd?
Thanks for your replies.