|
|
| (7 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| ==Server Security==
| | #REDIRECT [[Arma 3: Server Config File#Server Security]] |
| Several of these settings directly contribute to the security of the server and have been highlighted as important, particularly for running Public (no password) servers.
| |
| | |
| ;The most updated ones that give a good protection (and are, ''de facto'', the standard for public servers) are:
| |
| <syntaxhighlight lang=cpp>
| |
| battlEye = 1;
| |
| verifySignatures = 2;
| |
| allowedFilePatching = 0;
| |
| allowedLoadFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
| |
| allowedPreprocessFileExtensions[] = {"hpp","sqs","sqf","fsm","cpp","paa","txt","xml","inc","ext","sqm","ods","fxy","lip","csv","kb","bik","bikb","html","htm","biedi"};
| |
| allowedHTMLLoadExtensions[] = {"htm","html","xml","txt"};
| |
| //allowedHTMLLoadURIs[] = {};
| |
| passwordAdmin = "xyzxyz123";
| |
| serverCommandPassword = "xyzxyz456";
| |
| </syntaxhighlight>
| |
| | |
| '''Note:''' allowedLoad*/allowedPreprocess*/allowedHTML* are server.cfg settings with array list of extensions, for server-side use only. <br>
| |
| Above are listed examples for basic-game MP modes, server-admin may attempt to make it stricter for theirs servers (if too strict then server's log file will contain warning entries about unable read)<br>
| |
| With the exception of allowedHTMLLoadURIs those arrays covers both files inside and outside PBOs so don't change the above defaults w/o testing first as there's a chance you'll break the game. <br>
| |
| '''Warning:''' Not listing any extension means ''everything is allowed''. Defining the setting as empty arrays means ''nothing is allowed''.<br>
| |
| To read [[loadFile]] , [[preprocessFile]] , [[preprocessFileLineNumbers]] and to remember, those works on files only-within Arma 3 server directory and it's sub-directories !
| |
| :Refer to [[ArmA: Addon Signatures]] for current best practices in server mod signing and the use of key signature files.<br>
| |
| | |
| To further increase security of your servers remember [[BattlEye]] has ability to utilize server-side (including preventing remote execution) and client-side script check filters.<br>
| |
| :'''Note:''' these BattlEye filters needs to be written specifically for each mission and mod as the scripting differs in each of them.<br>
| |
| | |
| '''To understand:''' Engine supports absolute (full path) outside Arma 3 server folder for command-line parameters ''-servermod='', ''-mod='' and same for profile directories and config locations<br>
| |
| this puts those out of reach by various load script command features which are limited only within Arma 3 folder and it's sub-directories (for logical security reason)<br>
| |
| thus e.g. safe folder-structure looks like:<br>
| |
| \arma3server\<br>
| |
| \arma3server\@publicmods\<br>
| |
| \arma3server_servermods_secrethash\<br>
| |
| \arma3server_profiles_and_configs_secrethash\<br>
| |
| yet note that callExtensions are loaded only from arma 3 server root / subfolders
| |
| | |
| ==See Also==
| |
| *[[server.cfg]]
| |
| *[[ArmA: Server configuration|Server Configuration]]
| |
| *[[Armed Assault:Dedicated Server]]
| |
| *[[ArmA: Server Side Scripting]]
| |
| *[[Operation Flashpoint:Dedicated Server]]
| |
| *[[Arma_3_Headless_Client]]
| |
| *[[Arma_3:_Mission_voting]]
| |
| *[[Arma:_Mission_rotation]]
| |
| *[[Arma_2_Mission_Rotation]]
| |
| *[[Arma_2_OA:_Multiple_Mission_Parameters_Configuration]]
| |
| | |
| | |
| [[Category:ArmA: Multiplayer|Server.cfg]]
| |
