Hi David, > We looked at server side and client side filtering and went for client side > at the moment because we have our own client application with server side to > be added later. > > We intercept link activity and call out to a web service that gives us a > 'clean/dirty' result and categorises the link, eg, news, sport etc. > > We're planning and ejabberd module server side that does the same for all > stanzas routed via the platform.
So the XMPP server, in your case ejabberd is (will be) used to authenticate, provide IP layer filtering and layer-7 deep packet inspection. In other words, moving away from the firewall or IDS layer-7 inspection. Thus, you get to use TLS end-to-end and perform traditional firewall filtering. Now that I think of it, I presume when one filters based on a whitelist or blacklist that there is some network stack hooks that check the IP address of the packet before it reaches the XMPP application layer? I have just come across IMSpector in that last 5 minutes. http://www.imspector.org/ It appears to be able to filter XMPP packets. regards, Paddy.
