WebIRC block

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

The webirc block allows you to configure host spoofing for WebIRC / CGI:IRC gateways you trust, see WebIRC Support

This block was previously called cgiirc { }

Syntax

webirc {
        mask 1.2.3.4; /* ip or host mask */
	type <webirc|old>; /* optional, webirc is the default */
	password <password>;
};

type is 'webirc' by default, 'old' is really really old and this method will be removed soon, so don't use it.

mask is checked against the client (the WebIRC or CGI:IRC gateway) that is trying to connect.

password is the webirc password

How to configure with method 'webirc' (recommended method)

In both your web IRC client software and UnrealIRCd you have to set the same webirc password.

Example with KiwiIRC

The example below configures KiwiIRC and UnrealIRCd. Note that this is just an example, if you use something other than KiwiIRC you edit that instead of the KiwiIRC-side.

KiwiIRC-side

Edit kiwiirc's config.js as follows (note: this is NOT a complete configuration file, it just shows 3 important sections):

// WebIRC passwords enabled for this server
conf.webirc_pass = {
    "irc1.yournetwork.org":        "ThisIsMySecretWebIRCPassword"
};

// Default settings for the client. These may be changed in the browser
conf.client = {
    server: 'irc1.yournetwork.org',
    port:    6697,
    ssl:     true,
    channel: '#test',
    nick:    'kiwi_?'
};
// or use conf.restrict_server etc... to achieve the same effect (see example config.js file).

// What matters is that the server name in conf.client or conf.restrict_server
// match the server name in conf.webirc_pass (and use the right password).
// So be sure to replace BOTH the irc1.yournetwork.org instances with the same server name.

// Now something else... "send ip as username"....
// Be sure *NOT* to list your server here !!!!
// If you add it here, then the IP will show up in the ident. This is NOT what you want
// as the IP is already sent via WEBIRC. Doing so would reveal the users' IP to everyone which is bad.
conf.ip_as_username = [
    "xxxx"
];

UnrealIRCd-side

Then, in your unrealircd.conf you add a webirc block:

webirc {
	mask 127.0.0.1;
	password "ThisIsMySecretWebIRCPassword";
};

except throttle {
        mask 127.0.0.1;
};

The Except throttle block block is highly recommended, so your webirc server is not seen as connection flooding. Without it, users may not be able to connect during peaks or after a server restart.

How to configure with method 'old'

IMPORTANT: This is a really old method and it will be removed soon. Don't use it.

NOTE: This is not the recommended method since it has two disadvantages: this method will send the IP/host to spoof as a server password, meaning you cannot specify a server password as a CGI:IRC user. Additionally, access control is only IP-based and does not require an extra password like the 'webirc' method. In short, you probably should not be using this method unless you have a good reason to do so.

In your CGI:IRC configuration file (cgiirc.conf) you set realhost_as_password to 1. Then, in your unrealircd.conf you add a cgiirc block to allow this host.

Example

In your CGI:IRC configuration file (cgiirc.conf) you add:

realhost_as_password = 1

Then, in your unrealircd.conf you add a webirc block:

webirc {
	type old;
	mask 1.2.3.4;
};