For the old 4.x series
Moderators: Gottem, Supporters
- Posts: 1
- Joined: Fri Dec 14, 2018 7:47 pm
This module is really helpful in terms of network security, it jails unsecured/non-tls users in specified channel (so you can help them to configure their clients for TLS usage) and restrict them from messages (they are only can send messages to the jail channel)/commands/aliases usage, they are also can't leave that channel and can't join any other channels on the network, this will protect your network channels from leaking/etc.. without the need of +z mode, but just do not abuse with it, as it is really powerful.
Code: Select all
# allow this ips/hosts/etc to bypass any restrictions
# channel to jail users
# notify client on-connect (show available TLS ports/enabled procotols)
# restrict commands
# list of allowed commands
- UnrealIRCd head coder
- Posts: 1933
- Joined: Sat Mar 06, 2004 8:57 pm
- Location: .nl
Haven't used it myself, but this module sounds quite useful if you want to move your network to 100% SSL/TLS.
This is what I would do:
- Make sure you have SSL/TLS correctly configured on the server, like using "real" SSL/TLS certificates that are valid for your server name(s).
- Set up a Strict Transport Security policy https://www.unrealircd.org/docs/Set_blo ... sts-policy (with a short duration, to be safe)
- This will make sure STS-capable clients will automatically be redirected to an SSL/TLS port. No need to do anything for these users.
- All other clients, the clients that are not STS-capable, can be joined to a channel by this module. This allows staff to manually help/instruct those users to enable SSL/TLS in their client.