Configuration - SlimeDog/NetworkInterceptor GitHub Wiki

NetworkInterceptor ▪ Monitor and block outgoing network connections

Configuration

⚠️ Upgrading from NetworkInterceptor 3.0.0 to 3.1.2: There two new allowed targets, to support DNS-lookup for proxies. See the change log.

⚠️ Upgrading from NetworkInterceptor 2.0.0 to 3.0.0: There is only one substantive change (and many changes to comments). See the change log.

⚠️ Upgrading from NetworkInterceptor 1.0 to 2.0.0: Significant configuration changes are required. See the change log.

⚠️ Configuration changes must be performed manually; NetworkInterceptor does not change the files automatically.

The current default configuration file may be found on GitHub. Sample configuration files are provided for allow mode and deny mode. The configuration options may be changed to reflect your preferences

Configuration parameters

parameter                                       default                       description
methods security-manager
proxy-selector 		Either or both may be enabled. Both are recommended.
⚠️ The proxy-selector method does not detect as many connection attempts as the security-manager method. For best results, the security-manager method should be enabled.
enable-metrics true By default, the plugins collects and transmits anonymous statistics to bstats.org. Data collection may be disabled here, or generally in the bStats/config.yml.
mode deny Allow or deny (block) specified connection targets.
logging.enabled true Log connection intercepts and blocks.
logging.include-traces true Include stack traces in the console log. Stack traces are always include in the log file.
logging.mode console console, file, or all
logging.truncate-file-on-start true Truncate the intercept log on server start-up 🚩 Added in 3.0.0
blocking.enabled false In deny mode, block connections to listed targets. In allow mode, block connections to unlisted targets.
mapping.enabled true Map IP addresses to preceding FQDN within the configured time.
mapping.timer 1000 Time in milliseconds for mapping to occur.
trusted-plugins none List plugins whose connections should be trusted.
⚠️ Velocity may require lowercase plugin names.
targets none In deny mode, the list of targets that will be blocked. In allow mode, the list of targets that will be allowed.

Recommendation: Save a backup of the file before you change it.

How to

  • Edit plugins/NetworkInterceptor/config.yml to suit your preferences.
  • Reload NetworkInterceptor or restart the server.

The configuration file must contain valid YAML.

🚩 YAML errors in the configuration will cause NetworkInterceptor to revert to defaults. Errors will be logged to the console on server start-up or plugin reload.

Use case #1: Allow plugin update checks

We would like to allow plugins to check for updates. We can configure NetworkInterceptor to allow such connections. For example:

mode: allow
blocking:
  enabled: true
targets:
  - 'api.github.com'
  - 'api.spiget.org'
  - 'api.spigotmc.org'

Use case #2: Deny plugin update checks

We developed an offline plugin update checker. We do not want plugins to perform update checks from the running server. Unfortunately, all of them do not offer configuration options to disable the checks. We can configure NetworkInterceptor to deny such connections. For example:

mode: deny
blocking:
  enabled: true
targets:
  - 'api.github.com'
  - 'api.spiget.org'
  - 'api.spigotmc.org'
⚠️ **GitHub.com Fallback** ⚠️