Skip to content
A simple plugin that verifies whether players connected from a trusted BungeeCord proxy.
Java
Branch: master
Clone or download
Latest commit 955c309 Nov 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bungeeguard-backend Some cleanup Nov 5, 2019
bungeeguard-proxy Some cleanup Nov 5, 2019
.gitignore Initial commit Nov 1, 2017
LICENSE.txt Initial commit Nov 1, 2017
README.md Some cleanup Nov 5, 2019
pom.xml Use PlayerLoginEvent when PlayerHandshakeEvent is not available (#20) Nov 5, 2019

README.md

BungeeGuard

BungeeGuard is a pair of plugins which intercept the BungeeCord handshake protocol, and allow backend servers to verify whether players connected from a trusted proxy.

  • On the proxy, BungeeGuard inserts a special authentication token into the profile data sent to the backend server when a player tries to connect.
  • On the backend server, BungeeGuard listens to incoming connections and denies connections which do not contain an allowed token.

This means that even if your backend server is not firewalled, malicious users will not be able to spoof logins without knowing one of your allowed tokens.

Installation

On your proxies...

  1. Add the bungeeguard-proxy.jar file to your BungeeCord plugins folder. Then restart the proxy. If you have multiple proxies in your network, do this for each of them.
  2. Navigate to /plugins/BungeeGuard/token.yml and make a note of the value of token.

On each of your backend servers...

  1. Consider using the Paper server software. (BungeeGuard is able cancel malicious collections "sooner" on Paper servers.)

  2. Add the bungeeguard-backend.jar file to your plugins folder. Then restart the server.

  3. Navigate to /plugins/BungeeGuard/config.yml. Add the token(s) generated by the proxy(ies) to the allowed-tokens list.

    e.g.

    # Allowed authentication tokens.  
    allowed-tokens:
      - "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
  4. Restart the server again.

Compatibility

BungeeGuard is known to have compatibility issues with SkinsRestorer on the proxy side. This has been fixed in a SkinsRestorer update, please ensure you are using the latest version.

BungeeGuard is known to have compatibility issues with ProtocolSupport on the backend side. This has been fixed in a ProtocolSupport update, please ensure you are using the latest version.

You can’t perform that action at this time.