Gaming servers can be prime cyberattack targets due to their public exposure and high data value. These attacks can disrupt the gaming experience and cause severe financial loss. One of the common types of attack is a Distributed Denial of Service (DDoS), intended to overwhelm the server with a flood of internet traffic.

Protecting your gaming servers using a reverse proxy is crucial to ensure consistent server performance during peak hours. In this article, we will walk you through the process of protecting your game servers using various solutions: Nginx with DDoS Deflate, Envoy with Curiefense, Traefik with FastNetMon, HAProxy with Snort, and FRP with FastNetMon.

Nginx with DDoS Deflate

Nginx is a popular choice for a reverse proxy server due to its robust performance and flexibility. Coupled with DDoS Deflate, it can effectively block traffic from IP addresses that are known to be malicious.

Implementation

Install Nginx:

sudo apt-get update
sudo apt-get install nginx

Install DDoS Deflate. For Debian-based systems:

# The installer is fetched over plain HTTP; read install.sh before running it
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Configure Nginx to limit the rate of requests from a single IP address. In the Nginx configuration file (/etc/nginx/nginx.conf), add limit_req_zone to the http section and limit_req to the http or server section:

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
limit_req zone=mylimit burst=20;

Configure DDoS Deflate. The configuration file is located at /usr/local/ddos/ddos.conf. Set NO_OF_CONNECTIONS (e.g., 150) and APF_BAN (1 to use APF).

Restart the Nginx and DDoS Deflate services.

Please note that this setup only provides basic protection against DDoS attacks and may not be suitable for larger-scale or more sophisticated attacks.
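To see what rate=10r/s with burst=20 does to traffic, here is a simplified Python model of the limit_req leaky-bucket accounting, added as an illustration and not code from Nginx or from this article. The client IPs and traffic patterns are constructed sample data, and the class and function names are hypothetical.

```python
"""Simplified model of nginx limit_req accounting (added example)."""
from collections import Counter

RATE_RPS = 10  # rate=10r/s from limit_req_zone above
BURST = 20     # burst=20 from limit_req above


class LimitReqZone:
    """Per-key leaky bucket; excess is counted in 1/1000ths of a request."""

    def __init__(self, rate_rps=RATE_RPS, burst=BURST):
        self.rate = rate_rps * 1000
        self.burst = burst * 1000
        self.state = {}  # key ($binary_remote_addr) -> (excess, last_ms)

    def handle(self, key, now_ms):
        """Return (verdict, delay_ms); verdict is pass, delay or reject."""
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return ("pass", 0)
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        # Drain the bucket at `rate`, then add this request (1000 units).
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return ("reject", 0)  # over burst: 503 by default, state unchanged
        self.state[key] = (excess, max(now_ms, last))
        if excess == 0:
            return ("pass", 0)
        # No "nodelay" in the config, so the request is held back.
        return ("delay", excess * 1000 // self.rate)


def replay(requests):
    """Feed (client_ip, arrival_ms) pairs through one zone; count verdicts."""
    zone = LimitReqZone()
    summary = {}
    for ip, t in sorted(requests, key=lambda r: r[1]):
        verdict, _ = zone.handle(ip, t)
        summary.setdefault(ip, Counter())[verdict] += 1
    return {ip: dict(c) for ip, c in summary.items()}


# Constructed sample traffic, not taken from the article.
PLAYER = [("198.51.100.7", t) for t in range(0, 2000, 200)]  # 5 requests/s
FLOOD = [("203.0.113.9", t) for t in range(0, 1000)]         # 1000 requests/s

if __name__ == "__main__":
    for ip, counts in replay(PLAYER + FLOOD).items():
        print(ip, counts)
```

In this model the flooding client still has 30 of its 1,000 requests accepted within one second, and the proxy had to receive and count all 1,000, which is why request limiting alone does not absorb a volumetric attack.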

Envoy with Curiefense

Envoy is a high-performance C++ distributed proxy designed for single services and applications. Coupled with Curiefense, a cloud-native application security platform, it provides enhanced protection for your game servers.

Implementation

Install Envoy. For Docker-based installations, run the following:

docker pull envoyproxy/envoy:latest

Install Curiefense:

helm repo add curiefense https://curiefense.github.io/curiefense-helm/
helm install curiefense curiefense/curiefense

Configure Envoy to use Curiefense as an HTTP filter. In the http_filters section of your Envoy configuration file (envoy.yaml), add:

http_filters:
- name: envoy.filters.http.curiefense
  typed_config:
    "@type": type.googleapis.com/curiefense.config.v1.FilterConfig
    config: {}

Configure Curiefense policies as per your requirements. Policies can be configured using the Curiefense UI, located at http://your-curiefense-service-ip:30080.

Restart the Envoy and Curiefense services.

This setup provides comprehensive application security, including DDoS protection, Web Application Firewall (WAF), and bot mitigation.

Traefik with FastNetMon

Traefik is an open-source Edge Router that automatically discovers the proper configuration for your services. Combined with FastNetMon, a high-performance DoS/DDoS load analyzer, it can effectively protect your game servers.

Implementation

Install Traefik:

docker run -d -p 8080:8080 -p 80:80 -v "$PWD/traefik.yml:/etc/traefik/traefik.yml" traefik:v2.10

Install FastNetMon:

wget https://github.com/pavel-odintsov/fastnetmon/raw/master/src/fastnetmon_install.pl -Ofastnetmon_install.pl
sudo perl fastnetmon_install.pl

Configure Traefik to use FastNetMon as a service. In the services section of your Traefik configuration file (traefik.yml), add:

services:
  fastnetmon:
    loadBalancer:
      servers:
        - url: "http://<fastnetmon-service-ip>"

Configure FastNetMon to monitor traffic and take action when a threshold is breached. This can be done using the FastNetMon UI, located at http://your-fastnetmon-service-ip:8008.

Restart the Traefik and FastNetMon services.

This setup provides real-time traffic monitoring and automatic action when detecting DDoS attacks.

HAProxy with Snort

HAProxy is a free, fast, and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. Snort is a free and open-source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Combining HAProxy with Snort will give your gaming server a robust shield against DDoS and other attacks.

Implementation

Install HAProxy:

sudo apt-get update
sudo apt-get install haproxy

Install Snort:

sudo apt-get install snort

Configure HAProxy to balance the load of your servers. In the backend section of your HAProxy configuration file (/etc/haproxy/haproxy.cfg), add:

backend app
    balance roundrobin
    server server1 <server1-ip>:80 check
    server server2 <server2-ip>:80 check

Configure Snort to monitor network traffic and detect malicious activity. This can be done by writing Snort rules in the /etc/snort/snort.rules file. Here is an example of a simple rule:

alert tcp any any -> any 80 (content:"GET"; msg:"HTTP GET Detected"; sid:1000001;)

Restart the HAProxy and Snort services.

This setup provides network intrusion detection and prevention, protecting your servers against attacks.

FRP with FastNetMon

Fast Reverse Proxy (FRP) is a high-performance reverse proxy application that lets you expose a local server behind a NAT or firewall to the internet. Coupled with FastNetMon, it can effectively detect and mitigate DDoS attacks.

Implementation

Install FRP:

wget https://github.com/fatedier/frp/releases/download/v0.49.0/frp_0.49.0_linux_amd64.tar.gz
tar xvzf frp_0.49.0_linux_amd64.tar.gz
cd frp_0.49.0_linux_amd64

Install FastNetMon, same as above.

Configure FRP to forward traffic to your server. In your FRP configuration file (frpc.ini for client, frps.ini for server), add:

[common]
server_addr = <frp-server-ip>
server_port = 7000

[web]
type = http
local_port = 80
custom_domains = www.mydomain.com

Configure FastNetMon as described in the Traefik with FastNetMon section.

Restart the FRP and FastNetMon services.

This setup exposes your local server to the internet and provides real-time traffic monitoring and DDoS protection.

Conclusion

You can protect your game servers from various cyberattacks by adequately implementing a reverse proxy coupled with network monitoring and intrusion prevention systems. The configurations mentioned above will help you get started with some popular tools. Still, it’s crucial to continuously monitor and tune your systems based on the specific traffic patterns and attack vectors you observe.