Hi,
I use ejabberd 16.06 and have internal and anounymous authentication enabled for my host. Is it possible to allow anonymous login only from a specific IP address? I want to use a web chat that runs on localhost and only from this IP it should be possible to use anonymous login.
How can I configure it?
greetings, Philip.
Since the last release or so,
Since the last release or so, ejabberd's ACL definition can use the ip address, so you can then define an Access rule where some IPs are allowed and the others are denied. The problem is that Access rules are not read by authentication method, or by vhost. They are read by listener (for example the 5222 port listener, or the 5223 port listener).
Thinking of that, I can see a solution, quite dirty, but maybe it's enough for you. Lets say you now have example.org with internal and anonymous authentication. Change that, so:
- example.org is defined, its auth methhod is internal only, set in the 5222 listener an access rule where only server "example.org" is allowed.
- define a new chost, called anon.example.org, its auth method is anonymous only, set a new 5232 listener (or any other number you want), and in that listener set an access that allows only server "anon.example.org", and allows only ip "whatver you want", and denies everything else.