proxy

For general discussion of the Poker Mavens software
Post Reply
BitingBummer
Posts: 66
Joined: Thu Feb 13, 2014 1:15 pm

proxy

Post by BitingBummer »

Hi,
I've started using a reversed-proxy. I noticed "Packet port rejections" that started to appear in my event log.
What does it mean?

Thank you.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: proxy

Post by Kent Briggs »

Most likely, you have "Max PP connections per IP" set and that's being exceeded because all incoming connections are coming from your proxy server. If you have the ability to get your proxy server to send a custom header that contains the player's true IP, then use the "Proxy IP header" setting to read that. Otherwise, set "Max PP connections per IP" to 0.
BitingBummer
Posts: 66
Joined: Thu Feb 13, 2014 1:15 pm

Re: proxy

Post by BitingBummer »

Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: proxy

Post by Kent Briggs »

BitingBummer wrote:Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?
Where are you seeing that?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: proxy

Post by Kent Briggs »

Oh, HTTP error 429 (Too Many Requests). Yes, the server returns that code when it rejects connections that exceed your stated limits. So yeah, it's directly related.
BitingBummer
Posts: 66
Joined: Thu Feb 13, 2014 1:15 pm

Re: proxy

Post by BitingBummer »

My server is configured this way:
Max FP connections: 1000
Max FP connections per IP: 0
Max PP connections: 500
Max PP connections per IP: 10
Proxy IP header : X-Forwarded-For

Looks alright?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: proxy

Post by Kent Briggs »

BitingBummer wrote: Max PP connections per IP: 10
Proxy IP header : X-Forwarded-For
Looks alright?
Looks alright if your proxy server is actually putting the source IP in the X-Forwarded-For header on the WebSocket connection. If not, you won't get more than 10 connections.
BitingBummer
Posts: 66
Joined: Thu Feb 13, 2014 1:15 pm

Re: proxy

Post by BitingBummer »

How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: proxy

Post by Kent Briggs »

BitingBummer wrote:How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
If your proxy is metering connections to prevent DDOS attacks, you can zero out all of those limit settings. But the packet port is where the websocket connection is occurring. There's no acceleration possible there. Opening multiple connections only works on the file port, which is operating like a standard HTTP web host. Does the Connections tab show a different IP address for each player? If so, then you know your X-Forward-For header is working.
BitingBummer
Posts: 66
Joined: Thu Feb 13, 2014 1:15 pm

Re: proxy

Post by BitingBummer »

Yes, it shows different IP address for every player.
I changed it to 0, and now this message related to the rejections doesn't appear anymore.
Post Reply