|  |   | 
| (12 intermediate revisions by 5 users not shown) | 
| Line 1: | Line 1: | 
|  | ==Server Security==
 |  | #REDIRECT [[Arma 3: Server Config File#Server Security]] | 
|  | Several of these settings directly contribute to the security of the server and have been highlighted as important, particularly for running Public (no password) servers.
 |  | 
|  |   |  | 
|  | ;The most updated ones that give a good protection (and are, ''de facto'', the standard for public servers) are:
 |  | 
|  | <syntaxhighlight lang=cpp>
 |  | 
|  | battlEye = 1;
 |  | 
|  | verifySignatures = 2;
 |  | 
|  | allowedFilePatching = 0;
 |  | 
|  | allowedLoadFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
 |  | 
|  | allowedPreprocessFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
 |  | 
|  | allowedHTMLLoadExtensions[] = {"htm","html","xml","txt"};
 |  | 
|  | //allowedHTMLLoadURIs[] = {};
 |  | 
|  | passwordAdmin = "xyzxyz123";
 |  | 
|  | serverCommandPassword = "xyzxyz456";
 |  | 
|  | </syntaxhighlight>
 |  | 
|  |   |  | 
|  | '''Note:''' allowedLoad*/allowedPreprocess*/allowedHTML* are server.cfg settings with array list of extensions, for server-side use only. <br>
 |  | 
|  | Above are listed examples for basic-game MP modes, server-admin may attempt to make it stricter for theirs servers (if too strict then server's log file will contain warning entries about unable read)<br>
 |  | 
|  | With the exception of allowedHTMLLoadURIs those arrays covers both files inside and outside PBOs so don't change the above defaults w/o testing first as there's a chance you'll break the game. <br>
 |  | 
|  | '''Warning:''' Not listing any extension means ''everything is allowed''. Defining the setting as empty arrays means ''nothing is allowed''.<br>
 |  | 
|  | To read [[loadFile]] , [[preprocessFile]] , [[preprocessFileLineNumbers]] and to remember, those works on files only-within Arma 3 server directory and it's sub-directories !
 |  | 
|  | :Refer to [[ArmA: Addon Signatures]] for current best practices in server mod signing and the use of key signature files.<br>
 |  | 
|  |   |  | 
|  | To further increase security of your servers remember [[BattlEye]] has ability to utilize server-side (including preventing remote execution) and client-side script check filters.<br>
 |  | 
|  | :'''Note:''' these BattlEye filters needs to be written specifically for each mission and mod as the scripting differs in each of them.<br>
 |  | 
|  |   |  | 
|  | '''To understand:''' Engine supports absolute (full path) outside Arma 3 server folder for command-line parameters ''-servermod='', ''-mod='' and same for profile directories and config locations<br>
 |  | 
|  | this puts those out of reach by various load script command features which are limited only within Arma 3folder and it's sub-directories (for logical security reason)<br>
 |  | 
|  | thus e.g. safe folder-structure looks like:<br>
 |  | 
|  | \arma3server\<br>
 |  | 
|  | \arma3server\@publicmods\<br>
 |  | 
|  | \arma3server_servermods_secrethash\<br>
 |  | 
|  | \arma3server_profiles_and_configs_secrethash\<br>
 |  | 
|  | yet note that callExtensions are loaded only from arma 3 server root / subfolders
 |  | 
|  |   |  | 
|  | ==See Also==
 |  | 
|  | *[[ArmA: Serverconfiguration|ServerConfiguration]] 
 |  | 
|  | *[[Armed Assault:Dedicated Server]]
 |  | 
|  | *[[ArmA: Server Side Scripting]]
 |  | 
|  | *[[Operation Flashpoint:Dedicated Server]]
 |  | 
|  | *[[Arma_3_Headless_Client]]
 |  | 
|  | *[[Arma_3:_Mission_voting]]
 |  | 
|  | *[[Arma:_Mission_rotation]]
 |  | 
|  | *[[Arma_2_Mission_Rotation]]
 |  | 
|  | *[[Arma_2_OA:_Multiple_Mission_Parameters_Configuration]]
 |  | 
|  |   |  | 
|  | [[Category:Operation Flashpoint: Multiplayer|Server.cfg]]
 |  | 
|  | [[Category:ArmA: Multiplayer|Server.cfg]]
 |  |