ejabberd - Comments for "Clustering + Mod_Rest Configuration"

As a side note, I discovered

Zach Calvert — Tue, 22 Nov 2011 00:35:53 +0000

As a side note, I discovered this falls apart if using Java's built in HttpURLConnection -- see http://stackoverflow.com/questions/7648872/can-i-override-the-host-heade...

Very nice, it does indeed

Zach Calvert — Mon, 21 Nov 2011 23:27:16 +0000

Very nice, it does indeed work. Thank you very much for your heads up!

For future reference, is there a document or something that I'm missing on these modules? I can't seem to find much in the way of docs on some of these ACLs and EJabberD modules.

Zach Calvert wrote: {hosts,

mfoss — Mon, 21 Nov 2011 20:22:24 +0000

Zach Calvert wrote:

{hosts, ["ecs.dev", "centora"]}.

This is a dirty trick. It works, I am not aware why this should be a problem initially. But please try this alternative:

Your client sets the TCP connection to "centora", but your HTTP query should have as "Host" request header one of the XMPP domain names that you configured in ejabberd.cfg

For example, if you have configured: {hosts, ["ecs.dev"]}.
Then this should work:

$ telnet centora 5280
POST /rest HTTP/1.1
Host: ecs.dev
Content-Length: 85
whatever

if you try this, please confirm if it works too, or not.

Hmmm, very odd. I just

Zach Calvert — Mon, 21 Nov 2011 19:33:13 +0000

Hmmm, very odd. I just discovered that I can simply update the hosts file to have

{hosts, ["ecs.dev", "centora"]}.

and it seems to allow me to create ecs.dev users even though the plugin is activated as centora. Does this leave security holes open, or am I missing something of danger here?

Thanks,
Zach Calvert