Why is this version PRO
This is the paid version of the default, free and open-source one found here. It is intended for clients that need this installed (and optionally hosted).
This also includes the support that is not provided with the default version.
At 79.99, it is cheaper than 1 month of TCPShield, and will greatly reduce costs with mitigation over the long run. With it being Open-Source, you have full configurability and transparency into how it works.
This is mainly intended at large networks wanting to lower mitigation costs, or companies that can't just proxy all traffic through third party proxy like TCPShield
MineWall is a Layer 7 mitigation toolset for protocol specifications like Minecraft. It uses forensic data from multiple providers and experience working with 4 figure player Minecraft networks.
It is mainly targeted at Minecraft servers, or applications having a similar networking footprint as the former. However, it may work well for other applications where proxies are the main tool used for attacks. It is highly recommended to test pre-deployment and to take proper measures to optimize for your own end use-case.
It can significantly slow an attack, as you can see below with it and 2ls antibot managing to mitigate a 10k attack without it seem like much.
Before & After
TCPShield v MineWall
Unlike TCPShield, MineWall is fully self hosted, and can lower the attack strength that ends up on your server significantly (Over the 99.9% mark). This is enough to allow any end anti-bot plugin to do it's job without fearing that large attacks will overwhelm it.
For 1 year of hosting a large network with TCPShield, you'd pay 1200$, which you can otherwise save by purchasing MineWall, and installing it on your own host (This on a 20$ VPS can mitigate attacks up to a few hundreds of thousands of bots), you only spend only ~320$ in total).
Not only that, but you get to decide the settings of how you mitigate, and if you have better ping, you won't lose it by routing through a third party.
Hosting provider friendly
Because this runs 100% in the firewall, you can set this up for port ranges you rent out to your clients to also protect them of attacks. This will improve performance for them and raise your reputation as a strong host where clients do not need to worry about things like DDoS attacks.
A 3 layered approach
The application is comprised of 3 different layers of mitigation, depending on the validity of the source user:
- The whitelist is used for IPs that are already validated as safe users.
- The graylist is based on low risk countries that rarely are the source of bots. The behavior is to limit the connection speed with a permissive ratelimit.
- The graylist (default) behavior is to strongly limit incoming connections via strict ratelimit.
Sources
We believe transparency in our forensic research is key to replicability and the effectiveness of our solution. We've appended our sources below:
https://radar.cloudflare.com/ https://github.com/herrbischoff/country-ip-blocks
Additionally, we have used some proprietary data from EntryRise and it's customers in designing the early predecessors of this firewall, available here
Explanatory Schema
- Type
- Offering
Last edited by a moderator:
