71d1246374
This reduces the impact of attacks that send a large packet size first and then send data very slowly but frequently enough to not trigger a timeout (as the timeout handler was before the Varint21FrameDecoder). This causes connections to stay open for a long time without much effort from an attacker, while the packet never leaves the Varint21FrameDecpder stage of the netty pipeline (causing no additional checks to happen and no logs of the connection to be created). This will not have an impact on bad connections as without recieving full packets the underlying spigot server would timeout instead. |
||
|---|---|---|
| .github/workflows | ||
| api | ||
| bootstrap | ||
| chat | ||
| config | ||
| event | ||
| log | ||
| module | ||
| native | ||
| protocol | ||
| proxy | ||
| query | ||
| .gitignore | ||
| checkstyle.xml | ||
| LICENSE | ||
| nb-configuration.xml | ||
| pom.xml | ||
| README.md | ||
BungeeCord
Layer 7 proxy designed to link Minecraft servers.
BungeeCord is a sophisticated proxy and API designed mainly to teleport players between multiple Minecraft servers. It is the latest incarnation of similar software written by the author from 2011-present.
Information
BungeeCord is maintained by SpigotMC and has its own discussion thread with plenty of helpful information and links.
Security warning
As your Minecraft servers have to run without authentication (online-mode=false) for BungeeCord to work, this poses a new security risk. Users may connect to your servers directly, under any username they wish to use. The kick "If you wish to use IP forwarding, please enable it in your BungeeCord config as well!" does not protect your Spigot servers.
To combat this, you need to restrict access to these servers for example with a firewall (please see firewall guide).
Source
Source code is currently available on GitHub.
Binaries
Precompiled binaries are available for end users on Jenkins.
(c) 2012-2021 SpigotMC Pty. Ltd.