Page 1 of 1

Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 6:01 am
by ka0s_dev
Hi everyone.

So, I've been fiddling with this for a few days, and apparently I cannot seem to wrap my head around how the setup should be.

What I want to accomplish is basically to close off all access to my ircd, with the exception of allowing connections coming from our LightIRC client on a webserver, now I've been looking into the WebIRC block, however it doesn't make really make any sense to me.

So here I am, ready for any suggestions that may help me get further in this.

The IRCd should not accept any connections if they're not coming from our LightIRC client (Would be beneficial if I could actually identify these clients into their own respective class, i.e. {webirc} (Has dedicated IP). (Obviously there will be a operator backdoor with IP whitelist).

How would I go around doing that?

Thanks in advance.

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 8:26 am
by CrazyCat
Well, seems hard to do: LightIRC sends the user IP, I'm not sure you can get a way to identify a webirc connection.
Something you can do is to force the userid param to a known value (something like 'lightirc') and add rules:

Code: Select all

ban user { mask *@*; reason "Client not allowed";};
except ban { mask lightirc@*; };
except ban { mask *@a.white.listed; }
...

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 8:37 am
by ka0s_dev
As the matter of fact, I could randomize a identity string i.e.

params.ident = "webirc_%"

So it just looks after

Code: Select all

except ban { mask webirc_*@*; };
However this does in fact render another issue, because then you could in theory just config another webirc with the same ident string, and it would allow it, so it's vital that it's bound to only accept connections from i.e. webirc.domain.tld or from IP.

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 8:55 am
by Jobe
Because lightIRC connects from the user's computer it's pretty much impossible to prevent someone from being able to connect their own client setup to look like lightIRC.

However if you use a client such as qwebirc or kiwiirc you will be able to restrict connections only to the server running qwebirc or kiwiirc.

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 9:40 am
by ka0s_dev
Jobe1986 wrote: Mon Jun 17, 2019 8:55 am Because lightIRC connects from the user's computer it's pretty much impossible to prevent someone from being able to connect their own client setup to look like lightIRC.

However if you use a client such as qwebirc or kiwiirc you will be able to restrict connections only to the server running qwebirc or kiwiirc.
It appears so, however I cannot use qwebirc or kiwiirc seeing as we're using the webcam module in LightIRC, there's another way I think, I can just make a passworded connection for LightIRC, but first I need to figure out how to hide the configuration file for LightIRC as it'll be pointless if people can see the config.

But thanks for the suggestion though :)

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 9:46 am
by CrazyCat
I agree with Jobe1986.
And more: flash will be stopped at the end of 2020 (read https://theblog.adobe.com/adobe-flash-update/), so you have to found an alternative.
Install a kiwiirc on your server and you'll control your connections as you need

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 10:00 am
by ka0s_dev
CrazyCat wrote: Mon Jun 17, 2019 9:46 am I agree with Jobe1986.
And more: flash will be stopped at the end of 2020 (read https://theblog.adobe.com/adobe-flash-update/), so you have to found an alternative.
Install a kiwiirc on your server and you'll control your connections as you need
That is true, and we have a replacement HTML5 chat with WebRTC in development for the cut-over in 2020, however it's very bareboned right now and not ready for production, so we figure we might as well just run with this solution until the cut over phase in 2020.

I'll fiddle about with hiding the configuration, that way I can most likely achieve what I want to do :mrgreen:

Thanks for all the suggestions.

Re: Restrict connections only coming from LightIRC client.

Posted: Mon Jun 17, 2019 6:01 pm
by djsxx1984
Also, the new UI from Kiwi has a sort of webcam module :)

https://github.com/kiwiirc/plugin-conference

Re: Restrict connections only coming from LightIRC client.

Posted: Tue Jun 18, 2019 5:16 am
by ka0s_dev
djsxx1984 wrote: Mon Jun 17, 2019 6:01 pm Also, the new UI from Kiwi has a sort of webcam module :)

https://github.com/kiwiirc/plugin-conference
Oh that looks interesting, thanks for the tip!