Restrict connections only coming from LightIRC client.

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Locked
ka0s_dev
Posts: 5
Joined: Thu Jun 06, 2019 7:34 am

Restrict connections only coming from LightIRC client.

Post by ka0s_dev »

Hi everyone.

So, I've been fiddling with this for a few days, and apparently I cannot seem to wrap my head around how the setup should be.

What I want to accomplish is basically to close off all access to my ircd, with the exception of allowing connections coming from our LightIRC client on a webserver, now I've been looking into the WebIRC block, however it doesn't make really make any sense to me.

So here I am, ready for any suggestions that may help me get further in this.

The IRCd should not accept any connections if they're not coming from our LightIRC client (Would be beneficial if I could actually identify these clients into their own respective class, i.e. {webirc} (Has dedicated IP). (Obviously there will be a operator backdoor with IP whitelist).

How would I go around doing that?

Thanks in advance.
CrazyCat
Posts: 215
Joined: Thu Apr 28, 2005 1:05 pm
Location: France
Contact:

Re: Restrict connections only coming from LightIRC client.

Post by CrazyCat »

Well, seems hard to do: LightIRC sends the user IP, I'm not sure you can get a way to identify a webirc connection.
Something you can do is to force the userid param to a known value (something like 'lightirc') and add rules:

Code: Select all

ban user { mask *@*; reason "Client not allowed";};
except ban { mask lightirc@*; };
except ban { mask *@a.white.listed; }
...
ka0s_dev
Posts: 5
Joined: Thu Jun 06, 2019 7:34 am

Re: Restrict connections only coming from LightIRC client.

Post by ka0s_dev »

As the matter of fact, I could randomize a identity string i.e.

params.ident = "webirc_%"

So it just looks after

Code: Select all

except ban { mask webirc_*@*; };
However this does in fact render another issue, because then you could in theory just config another webirc with the same ident string, and it would allow it, so it's vital that it's bound to only accept connections from i.e. webirc.domain.tld or from IP.
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Restrict connections only coming from LightIRC client.

Post by Jobe »

Because lightIRC connects from the user's computer it's pretty much impossible to prevent someone from being able to connect their own client setup to look like lightIRC.

However if you use a client such as qwebirc or kiwiirc you will be able to restrict connections only to the server running qwebirc or kiwiirc.
Your IP: Image
Your Country: Image
ka0s_dev
Posts: 5
Joined: Thu Jun 06, 2019 7:34 am

Re: Restrict connections only coming from LightIRC client.

Post by ka0s_dev »

Jobe1986 wrote: Mon Jun 17, 2019 8:55 am Because lightIRC connects from the user's computer it's pretty much impossible to prevent someone from being able to connect their own client setup to look like lightIRC.

However if you use a client such as qwebirc or kiwiirc you will be able to restrict connections only to the server running qwebirc or kiwiirc.
It appears so, however I cannot use qwebirc or kiwiirc seeing as we're using the webcam module in LightIRC, there's another way I think, I can just make a passworded connection for LightIRC, but first I need to figure out how to hide the configuration file for LightIRC as it'll be pointless if people can see the config.

But thanks for the suggestion though :)
CrazyCat
Posts: 215
Joined: Thu Apr 28, 2005 1:05 pm
Location: France
Contact:

Re: Restrict connections only coming from LightIRC client.

Post by CrazyCat »

I agree with Jobe1986.
And more: flash will be stopped at the end of 2020 (read https://theblog.adobe.com/adobe-flash-update/), so you have to found an alternative.
Install a kiwiirc on your server and you'll control your connections as you need
ka0s_dev
Posts: 5
Joined: Thu Jun 06, 2019 7:34 am

Re: Restrict connections only coming from LightIRC client.

Post by ka0s_dev »

CrazyCat wrote: Mon Jun 17, 2019 9:46 am I agree with Jobe1986.
And more: flash will be stopped at the end of 2020 (read https://theblog.adobe.com/adobe-flash-update/), so you have to found an alternative.
Install a kiwiirc on your server and you'll control your connections as you need
That is true, and we have a replacement HTML5 chat with WebRTC in development for the cut-over in 2020, however it's very bareboned right now and not ready for production, so we figure we might as well just run with this solution until the cut over phase in 2020.

I'll fiddle about with hiding the configuration, that way I can most likely achieve what I want to do :mrgreen:

Thanks for all the suggestions.
djsxx1984
Posts: 2
Joined: Sat Jul 02, 2016 11:20 pm

Re: Restrict connections only coming from LightIRC client.

Post by djsxx1984 »

Also, the new UI from Kiwi has a sort of webcam module :)

https://github.com/kiwiirc/plugin-conference
ka0s_dev
Posts: 5
Joined: Thu Jun 06, 2019 7:34 am

Re: Restrict connections only coming from LightIRC client.

Post by ka0s_dev »

djsxx1984 wrote: Mon Jun 17, 2019 6:01 pm Also, the new UI from Kiwi has a sort of webcam module :)

https://github.com/kiwiirc/plugin-conference
Oh that looks interesting, thanks for the tip!
Locked