Jump to content

Recommended Posts

Posted
4 hours ago, AlmostGood said:

use OVHs edge firewall and own rule set with default drop all, extend L2 client to calculate some math challange before login request is attempted, send result together with some hwid/ip to aws/gcp instance which will verify it and query OVHs firewall api to allow login. Mystery of application layer "100% DDos Protection" solved.

 

your idea is good and that would be the ultimate protection , but have in mind that ovh firewall can only handle up to 20 rules . that means you can have up to 19 online players ( one reserved for drop all ) so you have to find another workaround. 

Posted (edited)

they have dedicated firewall solutions which doesn't have such limits like VMware NSX, where you can filter traffic on the edge

 

but even if you run on budget, its doable with 20 rules limit and some extra code because you only need to allow connection init, once its established/related it will pass firewall, so you could setup TTL for rules to expire after 10sec and add extra msg on game start about queue when your rules set is full :D to make it smoother, i would block manual auth with login/pass and use autologin + launcher passing login data in process args.

Edited by AlmostGood

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...