Configuration
Contents
- Home
- Why Anti-VPN?
Setup
- Installation
- Usage
- Configuration
- Languages
- Commands
- Permissions
- FAQ
Features
- Plugin Support
- PLAN
- PlaceholderAPI
- LuckPerms/Vault
Developers
Clone this wiki locally
Storage
The storage
section is how Anti-VPN stores long-term data. Let's break the section down.
storage:
The engines
section shows various storage engines and their related settings. Each engine's enabled
must be set to true
in order for that engine to be used in the plugin.
The connection
section will allow you to configure how the plugin connects to the storage engine. Things like connection properties and login information can be set here.
engine1:
type: 'mysql'
enabled: false
connection:
address: '127.0.0.1:3306'
database: 'anti_vpn'
username: ''
password: ''
options: 'useSSL=false&useUnicode=true&characterEncoding=utf8'
The settings
section allows setting the number of connections in the pool and various connection timeout, and lifetime settings.
The max-pool-size
is the maximum number of connections the plugin will make to a given storage engine. The "min-idle" is the minimum number of connections the plugin will keep alive after non-use. It's generally good practice to keep these two numbers the same.
The max-lifetime
is how long a connection will live for before being re-created, and timeout
is how long the plugin will wait before giving up on a new connection. Generally, you won't need to touch these, but if your storage setup is different then you may want to have a second look.
settings:
max-pool-size: 4
min-idle: 4
max-lifetime: '30minutes'
timeout: '5seconds'
The order
section tells the plugin in what order you'd like the storage engines to be used. In the default config (below), engine1
will be tried first, then engine2
. If any of the engines are disabled or cannot function properly, the next in line will be used.
order:
- 'engine1'
- 'engine2'
Messaging
The messaging
section allows you to connect to an existing messaging engine so they may be used to push instant updates across a network.
messaging:
The engines
section shows various storage engines and their related settings. Each engine's enabled
must be set to true
in order for that engine to be picked up in the plugin.
The connection
section will allow you to configure how the plugin connects to the messaging engine. Things like virtual-host or key prefixes, connection properties, and login information can be set here.
engine1:
type: 'rabbitmq'
enabled: false
connection:
address: '127.0.0.1:5672'
v-host: '/'
username: 'guest'
password: 'guest'
The settings
section allows setting the number of connections in the pool and various connection timeout, and lifetime settings.
The max-pool-size
is the maximum number of connections the plugin will make to a given messaging engine. The "min-idle" is the minimum number of connections the plugin will keep alive after non-use. It's generally good practice to keep these two numbers the same.
The max-lifetime
is how long a connection will live for before being re-created, and timeout
is how long the plugin will wait before giving up on a new connection. Generally, you won't need to touch these, but if your messaging setup is different then you may want to have a second look.
settings:
max-pool-size: 4
min-idle: 4
max-lifetime: '30minutes'
timeout: '5seconds'
Sources
Sources are how the plugin determines whether or not an IP is "bad"- sadly, the plugin itself is not magical and does not automatically "know" anything about a player or their IP. Instead, when a player logs in it grabs their IP and sends it off to various sources which then return a result- "good" or "bad"- which the plugin then stores and uses itself.
sources:
The cache-time
defines how long to keep IP results for before forcibly fetching new results from sources. As the internet changes frequently, keeping these values for too long may give you bad results. However, not keeping these values for long enough will force the plugin to continually fetch new results and will run you out of source credits (or make the sources very angry with you) very quickly.
cache-time: '6hours'
The order
is used in cascade
mode (explained below). The default order represents "best-to-worst" as tested by myself, but you may change it if you wish.
order:
- 'proxycheck'
- 'iptrooper'
- 'getipintel'
- 'ipqualityscore'
- 'iphub'
- 'iphunter'
- 'vpnblocker'
- 'ip2proxy'
- 'shodan'
- 'ipinfo'
- 'teoh'
The sections below outline various sources for your use. Each section will be slightly different due to the way the services work, but the config does a good job at explaining what each option does. Each source will also have an enabled
option defining whether or not to actually use the source.
You'll also notice that each source section has a header with some numbers. These numbers represent the overall "accuracy" of each source as tested on the dates provided.
X:
enabled: false
Y: ''
Z: 1
MCLeaks
Since the plugin now has the ability to block and/or detect MCLeaks accounts, there's a new section for it. It's fairly straightforward in that it's similar to the sources
section.
mcleaks:
The cache-time
defines how long to keep MCLeaks results for before forcibly fetching new results from the API. As Minecraft can change fairly frequently and accounts are lost and recovered, keeping these values for too long may give you bad results. However, not keeping these values for long enough will force the plugin to continually fetch new results and will run you out of credits very quickly.
cache-time: '1day'
Action
This section defines whether or not the plugin will take automatic action on players using VPNs/proxies or MCLeaks accounts, and how it will do so.
action:
Both the vpn
and mcleaks
sections are similar in regards to actions being taken on the player if found using a VPN or MCLeaks account respectively.
When kick-message
is set the plugin will kick the player with the defined message.
When commands
is set the plugin will run the commands specified as the console user. You may use "%player%" in place of the player's real name, and "%uuid%" in place of the player's UUID when creating the command to be run.
If both are set, the commands will always run before the player is kicked.
If you set kick-message
to an empty value Anti-VPN won't kick players. Similarly, if you set commands
to an empty list the system won't run any command.
vpn:
kick-message: '&cPlease disconnect from your proxy or VPN before re-joining!'
commands:
- ''
The algorithm determines how the sources for the default action are to be used. The options are cascade
or consensus
.
-
When using
cascade
mode, the plugin will run through all the enabled, valid sources defined above one by one and check each as it goes. Once a result is found, it uses that result to determine the validity of an IP (whether or not it's "good" or "bad")For example, if you have the default order (iphub, proxycheck, getipintel, etc) it will first check iphub. If iphub returns a "failure" result (service is down, ran out of "credits", etc) it will then check proxycheck. It will continue down this list until a source finally responds with a valid result, telling the plugin whether or not the given IP is "good " or "bad".
-
When using
consensus
mode the plugin will request a result from every enabled, valid source defined above at the same time. Once every source has returned with a result, it will then check the ratio of "good" results vs "bad" results to determine the validity of an IP (whether or not it's "good" or "bad")For example, if you have only iphub and proxycheck enabled, it will send a request to both of the sources. If iphub says the IP is "bad" and proxycheck says "good" the result will be 0.5 or 50%. If both return "bad" the result will be 1.0 or 100%. Similarly, if both return "good" the result will be 0.0 or "0%"
If a service returns a "failure" result (service is down, ran out of "credits", etc) it will not count towards the final result. For example, if you have only iphub and proxycheck enabled and iphub returns a "failure" then only proxycheck's result will actually be considered.
algorithm:
method: 'cascade'
The min-consensus
is used with the consensus
mode above. If the returned result is greater than or equal to this number, the IP is considered to be "bad" and the default action is taken against the player.
For example, if the min-consensus is set to 0.6 then at least 60% of the sources must agree that the IP is "bad" before taking action on the player.
min-consensus: 0.6
The ignore
list is a list of IPs and/or IP ranges to ignore when deciding to check players. This will skip checking for any player that connects from any IP defined here. Both IPv4 and IPv6 and their respective ranges are allowed.
ignore:
- '127.0.0.0/8'
- '::1/128'
Connection
These connection settings define how connections to the outside world are used. Specifically, this refers to APIs used by the plugin to detect VPNs and MCLeaks players.
connection:
The cache-time
defines how long to keep results in-memory. Since it's time-consuming to continually fetch data from storage, caching recent results in the server's memory can be a lot faster. This also prevents certain kinds of denial-of-service attacks that would otherwise prevent your server or storage engine from doing its job properly.
cache-time: '1minute'
The threads
option defines how many simultaneous connections can be used with API queries. The default is a good starting point, but you may want to increase it if you find you have many players logging in at once, or are using consensus
mode.
threads: 4
The timeout
here determines how long each thread will try to connect to an API before giving up and erroring out. You want this fairly low so you're not trying to hang on to a connection that just won't work, but high enough that you don't try to disconnect before the service responds. Some services can be a bit slow on bad days.
timeout: '5seconds'
General
These are some general/misc options that you may or may not want to play with.
Enabling "debug" will tell the plugin to print a LOT more information about its actions to the console. This is very useful when debugging the plugin or trying to figure out why you're getting a particular result from a particular player.
debug: false
The lang
value represents the default language of your server. Once restarted (not reloaded), the console output will use the new language you specify. Once reloaded (or restarted), the server's default language will become this. Any players that are using languages not known by the plugin will default to this language.
lang: 'en'
This section defines whether or not the plugin will send usage and error stats to the author. Usage stats are provided to bstats and error reports are sent to GameAnalytics.
stats:
usage: true
errors: true
This section defines whether or not the plugin checks for updates, and whether or not players with the avpn.admin
permission node are notified of updates on login.
update:
check: true
notify: true