51.161.19.1
for example).only-allow-proxy-connections
) not only transports connection information but also performs a three-way handshake between our proxies and your backend so that your backend knows it's communicating with our proxies.51.161.19.19:25565
for example) to your server unless the connection is coming from our proxies (you can find the IP ranges at: https://tcpshield.com/v4 and https://tcpshield.com/v4-cf). By extension, this also adds an extra layer of security, as it protects your backend from common attack vectors such as MOTD scanning.proxy-protocol
(or haproxy-protocol
if you are using Velocity) in your proxy's config. proxy-protocol
in your backend set on the TCPShield Web panel.enable-proxy-protocol
and use-proxy-protocol
are both set to true
in your config (Under both Bedrock
and Remote
section).only-allow-proxy-connections
set to false, our plugin still transports connection information, in this case being player’s IP Addresses. Without our plugin (or proxy-protocol
), the IP Address of players joining your server would be coming from us.false
doesn’t mean your DDoS mitigation capacity will be lost: You will still be protected behind our network. The handshake between our proxies and your backend won’t perform, so that’s an extra layer of security lost, but you can setup your own firewall (ufw
, iptables
etc) to achieve greater effect.mydomain.com
updates, and try to access the newly updated mydomain.com
, your computer will make a query to the Resolver server asking: “What is the IP Address corresponding to this domain?”. The Resolver server in this case is your ISP – Internet Service Provider (Comcast, AT&T, Vodafone, etc.).
Once your ISP receives the query, it will check its own cache memory. If it can’t find the specified domain, it will send a query to a root server – which is the top of the DNS hierarchy. If the information can’t be found within the root server, it will forward the request to a TLD (Top-level domain server), which stores address information for top level domains such as .com
, .net
, .org
.
If the TLD server still can’t resolve the query, it will make a last redirect of your request to an Authoritative Nameserver. The Authoritative Nameserver knows everything about the domain, and will respond to your Resolver server accordingly, and that information will get sent back to your computer.<127.0.0.1 initial handler has pinged>
in the console?127.0.0.1