Allow block Server Password - Suddenly stopped working? :|

Belgarion · Post by **Belgarion** » Mon Jul 02, 2007 12:24 am

Hi folks, this is hopefully something I've simply overlooked, but I can't seem to figure it out.

Quite simply, I have a server password set up in my clients allow block, as the server is web-based. All has been working fine for the last week. However for reasons I cann't yet explain, the password it now ineffective. No Password mismatch errors, no /pass requirement - nothing

I don't see any reason why it would stop, I have not altered the unrealircd.conf in any way since it was working.

I don't think posting my allow bock is of any use, it's exactly as you'd expect.

Any ideas where to start looking for a possible solution?

Post by **Jobe** » Mon Jul 02, 2007 9:06 am

It wouldnt simply just stop working. Therefore you have to have change somthing.

So can you please post ALL your allow blocks, not just the afected one or check for any that dont have a password specified or any that do and have nopasscont option.

Belgarion · Post by **Belgarion** » Mon Jul 02, 2007 10:10 am

There are 2 allow blocks -

Code: Select all

allow {
	ip                  *@*;
	hostname       *@*;
	class              clients;
	password        "******";
        maxperip        3;		

};

allow {
	ip             *@*;
	hostname       [email protected];
	class           clients;
        maxperip 1;

};

Just to be on the safe side, I tried it without the scrawl block, but it made no difference.

Post by **Jobe** » Mon Jul 02, 2007 2:28 pm

In theory the *@* for the ip value will match everyone in the lower allow block. Also it is worh noting that the scrawl bots from SearchIRC use varying ident's so you will need to use *@data.searchirc.org

The documentation says the allow blocks ip or host values matching works on a one of the other per allow block. So it may be neccesary to set the ip value of the second allow block to somthing specific such as the IP that scrawl bots connect from which is "72.64.145.20" if I am not mistaken, although they do say that changes from time to time.

Belgarion · Post by **Belgarion** » Mon Jul 02, 2007 3:52 pm

Code: Select all

allow {
	ip             *@*;
	hostname       *@*;
	class           clients;
	password       "******";
maxperip 3;		

};

allow {
	ip             72.64.145.20;
	hostname       *@data.searchirc.org;
	class          clients;
maxperip 1;

};

Made the changes you suggested, but connections can still be made without supplying a password

Is there something else that would directly influence the ability to connect to a port without requiring to supply the password?

Post by **Jobe** » Tue Jul 03, 2007 11:13 am

THe IP param should be *@IP

Also the only way you could still connect without a password is if there is another allow block nearer the bottom of the unrealircd.conf with *@* for IP or host.

Bear in mind it could be in another included file if you use any include's below those.

GouroB · Post by **GouroB** » Wed Jul 04, 2007 10:09 pm

ok look at this

allow {
ip *@*.charter.com;
hostname *@*;
class clients;
password "banglacafe";
maxperip 10;
};

this was suppose to ask for pass any one from charter.com, but its not doing so

allow {
ip *@24.*;
hostname *@*;
class clients;
password "banglacafe";
maxperip 10;
};

so tried to do it by ip.... same not working

allow {
ip *@24.*;
hostname *@24.*;
class clients;
password "banglacafe";
maxperip 10;
};

this one aint working aswell

allow {
ip *@64.251*;
hostname *@64.251.*;
class clients;
password "banglacafe";
maxperip 10;
};

now this is another ip ,... when i tried this one its working, asking for pass ... any idea ?

Post by **Jobe** » Thu Jul 05, 2007 11:38 am

In general they dont actually ask for a passowrd, what they do is deny connections WITHOUT a password or where the password supplied doesnt match.

GouroB · Post by **GouroB** » Thu Jul 05, 2007 1:06 pm

Yep ... Jobe1986, thats what i wanna do , it should deny connection from these certain ip's if the users fails to provide password... but it seems its not working for all isp/ip's ... so any idea ... whats going wrong in here ?

Post by **Jobe** » Thu Jul 05, 2007 3:20 pm

Since allow blocks are read from the bottom of the file upwards you need to put the most restrictive nearer the bottom, and the least near the top.

GouroB · Post by **GouroB** » Thu Jul 05, 2007 3:28 pm

never mind solved it... docs really rocks :p

loll anyways any one tried these optional options in allow blocks ?

allow {
ip <user@ip-connection-mask>;
hostname <user@host-connection-mask>;
class <connection-class>;
password <connection-password> { <auth-type>; };
maxperip <max-connections-per-ip>;
redirect-server <server-to-forward-to>;
redirect-port <port-to-forward-to>;
options {
<option>;
<option>;
...
};
};

oh one more thing .... is it posible to let the users to know the server password when they will see that a password is needed ? becoz few ip's should be banned coz most proxies r from them ( like comcast ) but since a good number of users comes from there so theyactually cant be banned .... domain wise. so i was trying to use this way.