View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004470 | unreal | documentation | public | 2015-11-26 14:07 | 2015-12-09 20:38 |
| Reporter | blank | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 4.0.0-rc5 | ||||
| Summary | 0004470: connect-flood and WebIRC users | ||||
| Description | connect-flood doesn't seem to use the passed real IP address but the server IP address causing users to receive notices about being throttled as they're connecting from 127.0.0.1 workaround: use except throttle {}; block as suggested by DBoyz can it be changed to perform the connect-flood checking on the passed real IP address instead? | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
* connect-flood is checked right after accept() - so when the tcp/ip connection is established but no data has been read or processed yet * the IRCd only knows that something is a webirc connection after it has received the WEBIRC command (or the old pass style) So in that respect there's no way to reverse the check. What I _could_ do is, as soon as the WEBIRC command is received and authenticated, delete the entry holding that particular IP in the connect-flood table. That could work. BUT, if there is enough lag between accepting the tcp/ip connection and reading the WEBIRC line, then connections may still be considered as flooding. So: either implement a solution that "works most of the time" or add clear documentation saying you should add an except throttle block. *** Irrespective of the above there is another request in this report: connection throttling based on the user IP passed by WEBIRC. I suppose that could be added, yes. I do feel that the webirc server also has a responsibility here, though. |
|
|
I've updated the example at https://www.unrealircd.org/docs/WebIRC_block#How_to_configure_with_method_.27webirc.27_.28recommended_method.29 |
|
|
I'd go for the second option (documentation) as it's cleaner. |
|
|
I agree. I'm marking this as fixed since the documentation has been updated. I've split off the other request to 0004489 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-11-26 14:07 | blank | New Issue | |
| 2015-11-28 11:56 | syzop | Note Added: 0018887 | |
| 2015-11-28 11:59 | syzop | Note Added: 0018888 | |
| 2015-12-09 20:30 | blank | Note Added: 0018911 | |
| 2015-12-09 20:35 | syzop | Category | ircd => documentation |
| 2015-12-09 20:36 | syzop | Issue cloned: 0004489 | |
| 2015-12-09 20:36 | syzop | Relationship added | related to 0004489 |
| 2015-12-09 20:37 | syzop | Note Added: 0018913 | |
| 2015-12-09 20:37 | syzop | Status | new => resolved |
| 2015-12-09 20:37 | syzop | Fixed in Version | => 4.0.0-rc5 |
| 2015-12-09 20:37 | syzop | Resolution | open => fixed |
| 2015-12-09 20:37 | syzop | Assigned To | => syzop |
