# address in the ident sent by the user. This is not recommended as it
# only works with IPv4 connections.
#
-# When using this method you must specify a wildcard mask or CIDR range to
-# allow gateway connections from.
-#
-# <cgihost type="ident" mask="198.51.100.0/24">
-# <cgihost type="ident" mask="*.ident.gateway.example.com">
+# When using this method you must specify a wildcard mask or CIDR range to allow
+# gateway connections from. You can also optionally configure the static value
+# that replaces the IP in the ident to avoid leaking the real IP address of
+# gateway clients (defaults to "gateway" if not set).
+#
+# <cgihost type="ident"
+# mask="198.51.100.0/24"
+# newident="wibble">
+# <cgihost type="ident"
+# mask="*.ident.gateway.example.com"
+# newident="wobble">
#
# By default gateway connections are logged to the +w snomask. If you
# do not want this to happen then you can uncomment this to disable it.
#<module name="flashpolicyd"> #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Real name ban: Implements extended ban 'r', which stops anyone
-# matching a mask like +b r:*realname?here* from joining a channel.
+# Real name ban: Implements two extended bans: #
+# 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real* #
+# 'r', which matches a realname mask like +b r:*realname?here* #
#<module name="gecosban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="nicklock">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# No CTCP module: Adds the channel mode +C to block CTCPs and extban
-# 'C' to block CTCPs sent by specific users.
+# No CTCP module: Adds the channel mode +C and user mode +T to block
+# CTCPs and extban 'C' to block CTCPs sent by specific users.
#<module name="noctcp">
+#
+# The +T user mode is not enabled by default to enable link compatibility
+# with 2.0 servers. You can enable it by uncommenting this:
+#<noctcp enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# No kicks module: Adds the +Q channel mode and the Q: extban to deny
# WebSocket connections. Compatible with SSL/TLS.
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
+#
+# If you use the websocket module you MUST specify one or more origins
+# which are allowed to connect to the server. You should set this as
+# strict as possible to prevent malicious webpages from connecting to
+# your server.
+# <wsorigin allow="https://webchat.example.com/*">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules)