With the discharge of SmartFoxServer 2.19.0 we have now launched a brand new Extension Flood Filter that gives positive grained management over the packet price of Extension requests: it may be used to restrict the variety of calls per second for particular requests and mechanically set guidelines for warning and banning the offending consumer(s).
It additionally consists of the power to catch unknown Extension calls (i.e. requests for which there doesn’t exist a request handler) and apply auto-ban guidelines as nicely.
Underneath regular circumstances, e.g. customers enjoying with the official consumer app, there shouldn’t be a priority about request spam: limitations may be simply coded within the consumer itself. Nonetheless it’s additionally comparatively simple for malicious customers to reverse engineer a consumer made in Javascript, Unity or Java and bypass such limitations.
Overview
Within the diagram under we present a chook’s eye view of the filter and its place within the Extension invocation chain. For every request handler outlined in our Extension code (through the addRequestHandler strategies) we are able to set a restrict expressed in variety of calls per second.
On this instance we have now outlined a playerShoot request handler and we’ve additionally set a restrict of 4 requests/sec. If a consumer sends 20 calls in a single second solely the first 4 might be handed to the Extension and processed, whereas the remainder might be discarded. Moreover, based mostly on the auto-ban guidelines, the sender will both be warned or banned.
Utilization
The Extension Flood Filter is inactive by default. To activate it we have to name the initFloodFilter(…) technique obtainable from the guardian SFSExtension class.
public class AntiFloodTestExtension extends SFSExtension
{
static remaining String PLAYER_SHOOT = "pShoot";
static remaining String PLAYER_MOVE = "pMove";
@Override
public void init()
{
ExtensionFloodFilterConfig cfg = new ExtensionFloodFilterConfig();
cfg.banDurationMinutes = 120;
cfg.maxFloodingAttempts = 3;
cfg.secondsBeforeBan = 2;
cfg.banMessage = "You at the moment are banned. Motive: request flooding.";
cfg.filterRules = Map.of
(
PLAYER_SHOOT, 4,
PLAYER_MOVE, 15
);
initFloodFilter(cfg);
addRequestHandler(PLAYER_SHOOT, (sender, param) -> {
hint("Taking pictures");
});
addRequestHandler(PLAYER_MOVE, (sender, param) -> {
hint("Shifting");
});
}
}
The initializer technique takes a ExtensionFloodFilterConfig object with with quite a lot of properties for warning and banning shoppers.
For extra particulars on every setting, default values and additional particulars please test our documentation web site right here.
