proxy

Posted: Fri Mar 25, 2016 1:18 pm
by BitingBummer
Hi,
I've started using a reverse proxy. I noticed "Packet port rejections" that started to appear in my event log.
What does it mean?

Thank you.

Re: proxy

Posted: Fri Mar 25, 2016 5:02 pm
by Kent Briggs
Most likely, you have "Max PP connections per IP" set and that's being exceeded because all incoming connections are coming from your proxy server. If you have the ability to get your proxy server to send a custom header that contains the player's true IP, then use the "Proxy IP header" setting to read that. Otherwise, set "Max PP connections per IP" to 0.

Re: proxy

Posted: Fri Mar 25, 2016 5:56 pm
by BitingBummer
Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?

Re: proxy

Posted: Fri Mar 25, 2016 6:17 pm
by Kent Briggs
BitingBummer wrote: Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?
Where are you seeing that?

Re: proxy

Posted: Fri Mar 25, 2016 6:21 pm
by Kent Briggs
Oh, HTTP error 429 (Too Many Requests). Yes, the server returns that code when it rejects connections that exceed your stated limits. So yeah, it's directly related.

Re: proxy

Posted: Sat Mar 26, 2016 4:28 am
by BitingBummer
My server is configured this way:
Max FP connections: 1000
Max FP connections per IP: 0
Max PP connections: 500
Max PP connections per IP: 10
Proxy IP header: X-Forwarded-For

Looks alright?

Re: proxy

Posted: Sat Mar 26, 2016 9:18 am
by Kent Briggs
BitingBummer wrote: Max PP connections per IP: 10
Proxy IP header: X-Forwarded-For
Looks alright?
Looks alright if your proxy server is actually putting the source IP in the X-Forwarded-For header on the WebSocket connection. If not, you won't get more than 10 connections.

Re: proxy

Posted: Sat Mar 26, 2016 12:33 pm
by BitingBummer
How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?

Re: proxy

Posted: Sat Mar 26, 2016 1:58 pm
by Kent Briggs
BitingBummer wrote: How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
If your proxy is metering connections to prevent DDoS attacks, you can zero out all of those limit settings. But the packet port is where the WebSocket connection is occurring. There's no acceleration possible there. Opening multiple connections only works on the file port, which is operating like a standard HTTP web host. Does the Connections tab show a different IP address for each player? If so, then you know your X-Forwarded-For header is working.

Re: proxy

Posted: Sat Mar 26, 2016 2:09 pm
by BitingBummer
Yes, it shows a different IP address for every player.
I changed it to 0, and now this message related to the rejections doesn't appear anymore.
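
Added example, not part of the thread and not the poker server's own code: a hypothetical per-IP connection limiter showing why every player behind a reverse proxy counts against one address unless the forwarded header is read, and why that header should only be honored when the peer is the proxy itself. The addresses, the `TRUSTED_PROXIES` set and all function names are assumptions made for the illustration.

```python
from collections import Counter

TRUSTED_PROXIES = {"10.0.0.5"}  # constructed address of the reverse proxy
MAX_PER_IP = 10                 # "Max PP connections per IP" value from the thread


def client_ip(peer_ip, headers, proxy_header="X-Forwarded-For"):
    """Return the address the per-IP limit is counted against."""
    value = headers.get(proxy_header, "") if proxy_header else ""
    # Honor the header only when the TCP peer is a known proxy; a direct
    # client could otherwise send a forged header to dodge the limit.
    if peer_ip not in TRUSTED_PROXIES or not value.strip():
        return peer_ip
    # Walk right to left and take the first hop that is not a trusted proxy;
    # entries further left were supplied by the client and are unverified.
    for hop in reversed([h.strip() for h in value.split(",")]):
        if hop and hop not in TRUSTED_PROXIES:
            return hop
    return peer_ip


class ConnectionLimiter:
    def __init__(self, max_per_ip=MAX_PER_IP):
        self.max_per_ip = max_per_ip  # 0 disables the limit
        self.active = Counter()

    def accept(self, peer_ip, headers):
        """Return 101 if the upgrade is accepted, 429 if it is rejected."""
        ip = client_ip(peer_ip, headers)
        if self.max_per_ip and self.active[ip] >= self.max_per_ip:
            return 429
        self.active[ip] += 1
        return 101


def simulate(players, forward_header, max_per_ip=MAX_PER_IP):
    """Connect distinct players through the proxy and count rejections."""
    limiter = ConnectionLimiter(max_per_ip)
    rejected = 0
    for n in range(players):
        # Constructed client addresses from the 203.0.113.0/24 test range.
        headers = {"X-Forwarded-For": f"203.0.113.{n + 1}"} if forward_header else {}
        if limiter.accept("10.0.0.5", headers) == 429:
            rejected += 1
    return rejected
```

With 25 players and no forwarded header, `simulate(25, False)` rejects 15 of them because all connections are attributed to the proxy; with the header present, or with the limit set to 0, none are rejected.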