* Impose a throttle on OPER attempts regardless of whether they caused a
password check.
* Never disconnect the client on a failed attempt, even if there was a
password check.
* Change error numeric to ERR_NOOPERHOST
* Explicit information about the failure in the server log (copying Insp)
Fixes#2296.
* Explain reverse proxy setup for websockets
* Update MANUAL.md
Clarify that we only support `X-Forwarded-For`
---------
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
* MANUAL.md: correct shebangs
* docs/{USERGUIDE,MANUAL}.md: mention amode +v joining through +i
* MANUAL.md: add a FAQ on special privileges of AMODEs
* USERGUIDE.md: add missing channel name
* MANUAL.md: mention that special privileges are cumulative
* Revert "MANUAL.md: correct shebangs"
This reverts commit 75a77c55370089f2b144abc4104db5e13dcc2cb7.
* MANUAL.md: restore syntax highlighting for python3
- Environment variable prefix
- DNSBL repo URI
- Project and repo names in link to Docker-specific instructions
- Docker container and volume names in docker run command
1. Fix auth bypass in the default configuration with the addition of
server.password (the REGISTER command was allowed before connection
registration, allowing unauthenticated users to REGISTER and then
take advantage of skip-server-password)
2. Caution operators against the use of require-sasl without disabling
user-initiated account registration. (Such a configuration is still valid
in the case of a public server that requires everyone to register.)
AWAY status should be tracked per-session:
1. With auto-away enabled, away status is aggregated across sessions
(if any session is not away, the client is not away, else use
the away status that was set most recently)
2. With auto-away disabled, we get the legacy behavior where AWAY
applies directly to the client
