OPBan Extended IP Policies (V0.7i) - SuperWebAdmin intergrated
===============================================================

What it is
~~~~~~~~~~
640K RAM is enough for anybody, right? Hindsight is a wonderful thing but, for
whatever reason, UnrealTournament is lumbered with a limit of 50 IP policies.
For many this is not a problem, but when you run a public server and have a
kewl cheat detector you rapidly run out of ways to ban people.

[Note: UT451 extends the UT banlist to 256 policies - OPBan will work with
the UT451 list, correctly sussing there are 256 instead of 50 policies
and adjusting the maths as appropriate. Unfortunately, readme files can't
be so clever.]

OPBan extends the UT IP policy list by implementing a second list, currently
allowing a further 250 entries. The OPBan policy list works independantly of
the UT list and adds a few features. You can use the UT list exclusively, the
OPBan list, or both.

Additionally, OPBan inplements a 250-slot temporary ban list. A policy
list allows specification of allowed IP addresses as well as banned
addresses (so, for instance, a range of IPs can be banned yet some IPs
within that range can still be allowed). The ban list just implements bans
(either singly or as a range).

How it works
~~~~~~~~~~~~
OPBan checks a player's IP address against the OPBan IP policies when a player
is first spawned in a game. If the policy says he's banned then the player is
kicked. Note that this works differently from the UT policy - the player gets
to download any mods and maps he needs to play the game, and /then/ he's
kicked. Hey, you don't want to make it easy on him, right?

The goodies
~~~~~~~~~~~
There are a number of features to OPBan other than simple kicking of banned
players. Check 'em out:

Policy cleaning: OPBan will check the UT policy list and, optionally, ensure
that you never have more than 40 entries by moving entries from the start of
the UT list to the OPBan list. It does this every time a level starts, so with
a full UT list you can add 10 more entries during a game before running out of
space. Start a new game and you have 10 more slots to use. UT policy entries
are removed from the start of the list, so you never find the last ones you
added disappearing. This feature can be disabled if you wish.

Dynamic Banning: This features allows to give ban to a player for a period of time.
This time can be set in days or number of maps. When a player is banned his nick
and a reason for the ban are also saved.

Kicking players: If a player is banned under the OPBan policy he'll get kicked
when he first spawns in a game. You can turn this feature off if you wish -
this effectively disables OPBan.

Announcements: When a player is kicked a message is displayed on all players
screens to announce the kick (with his IP and nick). This feature is useful
when your server is supplied by a Jolt-like ISP (see below) but can be
disabled. Optionally, the announcement tag (i.e. what prefixes the
announcement) can be specified.

Mass edits: The OPBan and Dynamic Bans policy can be edited via a WebAdmin page, 
just like the one built into the UT WebAdmin (but there's more of it). 
But dealing with 250 entries can be a drag, so OPBan allows you to edit 
the policies (both OPBan and UT) in a normal text box. You can cut'n'paste from here 
so you can copy the lot to a file for backup, or restore, or whatever takes your fancy. 
Be careful - this is a powerful feature you may regret playing with.

Automaton mass edits: See below.


ISP Goodies
~~~~~~~~~~~
Not everyone has unfettered access to their UT server - many servers are
supplied by ISPs running more than one process on a box. By default, OPBan uses
its own configuration file (opbans.ini) so the server config file doesn't fill
up with dross (and OPBan can be removed easily). However, several UT processes
on the same box may end up looking at the same opban.ini (sometimes useful,
mostly not) so OPBan can be told to use the server config file instead. To
enable this feature make the following entry in the server config file:

        [SuperWebAdmin.OPBan]
        bUseSystemIni=True

Naturally, this can also be set via the WebAdmin options page but if you, as an
ISP, don't trust your server admins not to mess with this setting then you can
disable it by adding this entry to the same section in the server config:

        bLockIniChoice=True

With this added, whatever bUseSystemIni is set to cannot be changed via
WebAdmin. The only way to change either of these settings then is to manually
edit the server configuration file.

If your server is provided by an ISP that doesn't, for one reason or another,
allow you access to the server logs, the kick announcements are for you. Turn
them on (as per the default) and any player kicked by OPBan is announced with a
message on everyone's screen. Why is this useful? Well, if you're running an
IRC reporter bot then this announcement will show up in IRC too, and you
can check your IRC logs to see what's going on. Sometimes it's useful to
know how often banned players try their luck, and the announcements allow
you to gain this information even though you can't get to the server logs.

Settings
~~~~~~~~
If you want to configure OPBan before running it, or without using WebAdmin,
these are the options (giving the defaults):

        [SuperWebAdmin.OPBanConfigXX]         for 'XX' see below
        bCleanPolicy=True             Keep UT policy <= 40 entries
        bKickPlayers=True             Kick OPBan banned players
        bAnnounceKicks=True           Announce the kickings
        AnnounceTag=OPBan             Prefix the announcements with 'OPBan'
        sAutoName=                    Login name for automatons (see below)
        sAutoPass=                    Login password for automatons
        sTrustName=                   Login name for trustees
        sTrustPass=                   Login password for trustees
        DefBanMaps=                   Default temporary ban map count
        DefBanDays=                   Default temporary ban day count

The exact section heading depends on whether the configuration file is
opbans.ini or the server config file. Replace XX in the above according to how
your config file choice is set thus:

        [OPBan.OPBanConfigOP]     =   opbans.ini
        [OPBan.OPBanConfigUT]     =   server config file

Automatons
~~~~~~~~~~
OPBan is a standalone application for UT, but it came about as part of a system
for implementing a global ban list across a number of servers. In this system a
central site holds a ban list which is contributed to by a number of trusted
admins - once a cheat is caught, the admin uploads the cheater's details to
this central database. Periodically, a UT policy is generated from the database
and distributed to participating servers. Whereas in the past a cheater
would move on to another server once he was banned on one, now he gets
blocked from playing on any of the servers automagically.

To aid the automatic upload of a policy to OPBan, a number of HTTP pages are
generated by OPBan which lack the normal HTML dross that us humans find so
pretty. The distribution application can thus parse the output from OPBan
relatively simply without having to deal with meaningless tags.

These HTML-less pages are accessed using a different name and password from the
rest of OPBan. Two purposes are served by this: human admins don't get troubled
by pages they shouldn't see, and the central site distributing the policy
doesn't get to know the admin name and password for your server.

Details of the mechanism by which automatons may access OPBan are available but
beyond the scope of this document. The facility is only enabled if both the
automaton name and password are set - the default setting is to leave these
blank which prevents any access.

Disclaimer
~~~~~~~~~~
OPBan works on my system (Windows, UT 436) and my Jolt-supplied server. It
should also work for you, but you take the full risk of running OPBan on your
server.

Credits
~~~~~~~
Several clued-up people helped out by not offering to write OPBan for me, yet
nevertheless were patient with n00b questions. Y'all did me a favour by making
me learn UnrealScript (and HTML/JavaScript) and pointing me at interesting info
(or other people!).

Many websites out there offer tutorials on various aspects relevant to this
project, and all were invaluable. Of special mention I found myself drawn again
and again to the Unreal Wiki - http://wiki.beyondunreal.com/wiki/Home_Page - an
excellent resource for scripting Unreal.

For learning how things can be done - and how they shouldn't be done :-O -
nothing beats actual source. The guys at Epic provide huge amounts of it with
UnrealTournament, and a number of existing mods provided useful insights.
Thanks to anyone whose code I inadvertently lifted after studying it.

OPBan was go a few versions back, but it was a damp squib compared to the
current version. Thanks to Bry@Jolt for ideas and the insistence that certain
features MUST be in it, and then farting around with our server so we could try
'em out on real players.

Contact
~~~~~~~
Got a suggestion, complaint, or just want to send me most of your lottery
winnings? Try these:

        email: PurplePants@oldephartes.co.uk

        IRC: #phartes@irc.quakenet.eu.org


