# NetworkInterceptor configuration
# originally made with <3 by Luck
#
# Updated and maintained by drives_a_ford and SlimeDog
# Design: SlimeDog
# Implementation: drives_a_ford
# Testing: SlimeDog
#
# Supported MC versions:
# https://github.com/SlimeDog/NetworkInterceptor/wiki/Technical-Details
# Default configuration:
# https://github.com/SlimeDog/NetworkInterceptor/blob/master/src/main/resources/config.yml
# ========== METHODS ===============================================================================
# Network requests may be detected by either or both of the following methods.
#
# security-manager:
# * Installs a custom SecurityManager into the server
# * Will intercept all outgoing network requests
# * May be incompatible with other plugins which install a security manager
# * In particular, note that AAC disables itself if the security-manager method is enabled.
#
# proxy-selector:
# * Installs a custom ProxySelector into the server
# * Will intercept most outgoing HTTP requests
# * Will not catch requests which specifically define their proxy
# * Should not be incompatible with anything
#
# Both methods may be enabled, and are recommended.
methods:
- security-manager
- proxy-selector
# ========== CHECK FOR UPDATES =====================================================================
# If you do not want notification of available updates in the console log, you may disable it here.
check-for-updates: true
# Update source may be either Hangar (default) or SpigotMC.
update-source: Hangar
# ========== BSTATS METRICS ========================================================================
enable-metrics: true
# ========== PROCESSING MODE =======================================================================
# Processing mode is allow or deny
# In allow mode, outbound network connections to specified targets will be allowed.
# In deny mode, outbound network connections to specified targets will be denied (blocked).
# In either mode, trusted plugins may be specified.
mode: allow
# ========== LOGGING ===============================================================================
# Enable/disable logging of outbound network connections.
#
# Enable/disable stack traces for each connection attempt.
# Stack traces will always be included in the file output.
#
# Connection requests may be logged to the console
# or to plugins/NetworkInterceptor/intercept.log
# Options are
# - console
# - file
# - all
logging:
enabled: true
include-traces: false
mode: file
truncate-file-on-start: true
# ========== BLOCKING ==============================================================================
# Enable/disable blocking.
# If blocking is disabled, logging will still occur unless disabled above.
blocking:
enabled: true
# ========== MAPPING ===============================================================================
# Configure whether fully qualified domain names (FQDNs) are mapped to their IP addresses
# This will allow calls to IP addresses that are the result of a call to a specific FQDN
# within a certain amount of time of the former.
mapping:
enabled: true
# The time (in ms) within which IPs are allowed to pass as per their FQDN permissions
timer: 1000
# ========== TRUSTED PLUGINS =======================================================================
# In allow mode, outbound network connections by these plugins will be allowed.
# In deny mode, outbound network connections by these plugins will be allowed,
# unless the target is explicitly blocked in the targets list.
#
# If LuckPerms is installed, we recommend listing it as a trusted plugin, to simplify configuration.
# Remove [] on the next line, and add the following line (without the # comment).
# - LuckPerms
trusted-plugins: []
# ========== BLOCKED PLUGINS =======================================================================
# No network connections by the listed plugin(s) will be allowed, period.
# Remove [] on the next line, and add the following line (without the # comment).
# - pluginName
blocked-plugins: []
# ========== TARGETS ===============================================================================
# A list of disallowed FQDNs and IP addresses
# Entries should be lowercase.
# In allow mode, outbound network connections to these targets will be allowed.
# In deny mode, outbound network connections to these targets will be blocked.
#
# A good place to start looking is the sample-allow-config.yml content.
# Then review the intercept log to discover more.
targets:
# Mojang authentication
- 'api.mojang.com'
- 'sessionserver.mojang.com'
- 'launcher.mojang.com'
- 'launchermeta.mojang.com'
# Update checking
- 'api.papermc.io'
- 'api.purpurmc.org'
- 'hub.spigotmc.org'
- 'hangar.papermc.io'
- 'api.modrinth.com'
- 'api.spiget.org'
- 'api.spigotmc.org'
- 'api.github.com'
- 'gist.githubusercontent.com'
- 'raw.githubusercontent.com'
# Aikar timings
- 'timings.aikar.co'
- 'timings.spigotmc.org'
# Metrics services
- 'bstats.org'
- 'mcstats.spigotmc.org'
# SpigotMC library loader
# For plugins that utilize the SpigotMC library loader
# For example: LuckPerms, ntdLuckyBlock, TicketManager
- 'repo.maven.apache.org'
- '199.232.192.215'
- '199.232.196.215'
- '151.101.0.215'
- '151.101.16.215'
- '151.101.64.215'
- '151.101.128.215'
- '151.101.192.215'
# LuckPerms
- 'bytebin.lucko.me' # pastebin
- 'metadata.luckperms.net' # dependencies
- 'nexus.lucko.me' # dependencies
# Spark
- 'spark-usercontent.lucko.me' # pastebin
What should the feature be?
Due to Fractureiser, SkyRage, etc. we need some way to block outgoing requests to untrusted domains
If applicable, what are some existing implementations?
https://hangar.papermc.io/SlimeDog/NetworkInterceptor