I want to self-host lemmy and participate in federation. However, I wonder whether it’s possible to have a setup where only I, and trusted users, are allowed to browse federated-content.
Basically, guests should not be allowed to use my instance to browse other federated content. So requests to “mydomain.tld/c/whatever@otherdomain.tld” should not be possible. Only users, logged-in on my instance, should be able to do that.
Despite that, guests should be allowed to see posts of communities posted on my instance, and users of other instances should be allowed to comment.
I know I can choose with which other instances mine should link with, but this would make the experience inconvenient to me. Because then I would need to adjust the config if I want to subscribe to a community on an instance I have not yet linked with.
Is such setup possible? Could not find the answer in the docs unfortunately
The only thing I can think of is something like blocking UI requests, and allow them only from localhost (so I would create a “ssh -L” tunnel on the server). Federation API endpoints would not be blocked. But this seems shaky, does Lemmy support a cleaner, built-in solution?
That’d be really nice as a feature.
My main concern on my end is someone using my instance to go browse some illegal content off another instance, and now I’m legally on the hook for it because now my instance is publicly serving that content.
Exactly this is what I am worried about, you can get into trouble quickly. Good luck explaining to lawyers/judges that it’s not your content actually but just federation. Even if you could, in most jurisdictions you wouldn’t be off-the-hook anyway.
I said it in a higher comment with other info but try looking up a remote community that isn’t already known by an instance, without being logged in. It won’t look it up for you and just silently fail. If unwanted content is what you’re worried about unfortunately a malicious actor can basically just drop content directly into your instance without prior notice if your federation is open. This is why db0 is working on systems that will in the future work like shared blacklists (opt-in of course).
Seriously if you really want to host your own instance, it is more or less your responsibility as an admin to moderate that instance. That includes purging and blocking unwanted contents. There is no way to avoid that.
As for your suggestion, it largely boils down to restricting anonymous access to the search related APIs in an instance. It is no doubt a good feature, espeically for read-only instances. I think you can create an issue about it in Github to get more visibility from the devs.