Hi,
I've started using a reversed-proxy. I noticed "Packet port rejections" that started to appear in my event log.
What does it mean?
Thank you.
proxy
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: proxy
Most likely, you have "Max PP connections per IP" set and that's being exceeded because all incoming connections are coming from your proxy server. If you have the ability to get your proxy server to send a custom header that contains the player's true IP, then use the "Proxy IP header" setting to read that. Otherwise, set "Max PP connections per IP" to 0.
-
- Posts: 66
- Joined: Thu Feb 13, 2014 1:15 pm
Re: proxy
Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: proxy
Where are you seeing that?BitingBummer wrote:Does error 429 have something to do with this? Or is it just a coincidence I get this error as well?
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: proxy
Oh, HTTP error 429 (Too Many Requests). Yes, the server returns that code when it rejects connections that exceed your stated limits. So yeah, it's directly related.
-
- Posts: 66
- Joined: Thu Feb 13, 2014 1:15 pm
Re: proxy
My server is configured this way:
Max FP connections: 1000
Max FP connections per IP: 0
Max PP connections: 500
Max PP connections per IP: 10
Proxy IP header : X-Forwarded-For
Looks alright?
Max FP connections: 1000
Max FP connections per IP: 0
Max PP connections: 500
Max PP connections per IP: 10
Proxy IP header : X-Forwarded-For
Looks alright?
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: proxy
Looks alright if your proxy server is actually putting the source IP in the X-Forwarded-For header on the WebSocket connection. If not, you won't get more than 10 connections.BitingBummer wrote: Max PP connections per IP: 10
Proxy IP header : X-Forwarded-For
Looks alright?
-
- Posts: 66
- Joined: Thu Feb 13, 2014 1:15 pm
Re: proxy
How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: proxy
If your proxy is metering connections to prevent DDOS attacks, you can zero out all of those limit settings. But the packet port is where the websocket connection is occurring. There's no acceleration possible there. Opening multiple connections only works on the file port, which is operating like a standard HTTP web host. Does the Connections tab show a different IP address for each player? If so, then you know your X-Forward-For header is working.BitingBummer wrote:How insecure would it be if I changed the max PP connections to 0?
Because I still get packet port rejections, maybe the proxy tries to open more than 10 connections for each client for acceleration purposes?
-
- Posts: 66
- Joined: Thu Feb 13, 2014 1:15 pm
Re: proxy
Yes, it shows different IP address for every player.
I changed it to 0, and now this message related to the rejections doesn't appear anymore.
I changed it to 0, and now this message related to the rejections doesn't appear anymore.