only-allow-proxy-connections) not only transports connection information but also performs a three-way handshake between our proxies and your backend so that your backend knows it's communicating with our proxies.
22.214.171.124:25565for example) to your server unless the connection is coming from our proxies (you can find the IP ranges at: https://tcpshield.com/v4 and https://tcpshield.com/v4-cf). By extension, this also adds an extra layer of security, as it protects your backend from common attack vectors such as MOTD scanning.
haproxy-protocolif you are using Velocity) in your proxy's config.
proxy-protocolin your backend set on the TCPShield Web panel.
use-proxy-protocolare both set to
truein your config (Under both
only-allow-proxy-connectionsset to false, our plugin still transports connection information, in this case being player’s IP Addresses. Without our plugin (or
proxy-protocol), the IP Address of players joining your server would be coming from us.
falsedoesn’t mean your DDoS mitigation capacity will be lost: You will still be protected behind our network. The handshake between our proxies and your backend won’t perform, so that’s an extra layer of security lost, but you can setup your own firewall (
iptablesetc) to achieve greater effect.
mydomain.comupdates, and try to access the newly updated
mydomain.com, your computer will make a query to the Resolver server asking: “What is the IP Address corresponding to this domain?”. The Resolver server in this case is your ISP – Internet Service Provider (Comcast, AT&T, Vodafone, etc.). Once your ISP receives the query, it will check its own cache memory. If it can’t find the specified domain, it will send a query to a root server – which is the top of the DNS hierarchy. If the information can’t be found within the root server, it will forward the request to a TLD (Top-level domain server), which stores address information for top level domains such as
.org. If the TLD server still can’t resolve the query, it will make a last redirect of your request to an Authoritative Nameserver. The Authoritative Nameserver knows everything about the domain, and will respond to your Resolver server accordingly, and that information will get sent back to your computer.
<127.0.0.1 initial handler has pinged>in the console?