BungeeGuard is a plugin which adds a security token to the BungeeCord handshaking protocol. In the case that the backend servers are not properly firewalled, it prevents players from bypassing the proxy and spoofing their UUID.
It is a more sensible alternative to "ip whitelist" or "only proxy join" type plugins.
Installation is very straightforward.
ip_forward
is set to true
in BungeeCord's config.yml
.BungeeGuard.jar
to the plugins folder. Then restart the proxy. If you have multiple proxies in your network, do this for each of them./plugins/BungeeGuard/token.yml
and make a note of the value of token
. player-info-forwarding-mode
to "bungeeguard"
in velocity.toml
, and make note of the value of forwarding-secret
. This is the value used for the BungeeGuard token. If you have multiple proxies in your network, do this for each of them.bungeecord
is set to true
in spigot.yml
.BungeeGuard.jar
to the plugins folder. Then restart the server.Navigate to /plugins/BungeeGuard/config.yml
. Add the token(s) generated by the proxy(ies) to the allowed-tokens
list.
e.g.
# Allowed authentication tokens.
allowed-tokens:
- "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
bungeeguard reload
from console.