Security Checks Configuration

Enable, disable, and configure GAPE's 10 security checks.

Overview

GAPE includes 10 specialized security checks, each designed to detect and prevent specific types of exploits. Every check can be independently enabled, disabled, and configured with custom thresholds.

Check Structure

Each security check has the following configurable options:

Enable/Disable

Turn the check on or off completely. Disabled checks have zero performance overhead.

Violation Threshold

The number of violations required before GAPE takes action. Higher thresholds reduce false positives but may allow some exploits through initially.

Cancel Packet

Whether to block the malicious packet or only log it. Enabling this is recommended for all checks except when debugging.

Kick on Threshold

Automatically kick the player once they reach the violation threshold. Use for severe exploits like crashers.

Alert Staff

Send alerts to online staff members with the gape.alerts permission when violations occur.

Individual Check Settings

Rate Limit

  • Default threshold: 5 violations
  • Recommended: Enable, cancel packets, alert on violation 3+
  • Purpose: Prevents packet flooding across all types

Tab Complete Crash

  • Default threshold: 1 violation
  • Recommended: Enable, cancel packets, kick on threshold
  • Purpose: Blocks malicious tab-completion packets that crash servers

Sign Exploit

  • Default threshold: 3 violations
  • Recommended: Enable, cancel packets, alert on violation 2+
  • Purpose: Validates sign NBT data to prevent sign-based crashes

Book Exploit

  • Default threshold: 3 violations
  • Recommended: Enable, cancel packets, alert on violation 2+
  • Purpose: Validates book NBT and prevents book-based exploits

Oversized Packet

  • Default threshold: 5 violations
  • Recommended: Enable, cancel packets, kick on threshold
  • Purpose: Blocks packets exceeding maximum size limits

Custom Payload Flood

  • Default threshold: 10 violations
  • Recommended: Enable, cancel packets, alert on violation 5+
  • Purpose: Prevents plugin message spam and netty pipeline injection

Packet Flood

  • Default threshold: 10 violations
  • Recommended: Enable, cancel packets, alert on violation 7+
  • Purpose: General flood protection across all packet types

Command Spam

  • Default threshold: 5 violations
  • Recommended: Enable, cancel packets, alert on violation 3+
  • Purpose: Prevents command flooding that can lag the server

NoCom Exploit

  • Default threshold: 5 violations
  • Recommended: Enable, cancel packets, kick on threshold
  • Purpose: Detects invalid player coordinates and position exploits

Crasher Detection

  • Default threshold: 1 violation
  • Recommended: Enable, cancel packets, kick immediately
  • Purpose: Multi-vector crash packet detection and prevention

Preset Configurations

Maximum Protection

For servers facing frequent attacks:

  • All checks enabled
  • Low violation thresholds (1-3)
  • Cancel all malicious packets
  • Kick on threshold for all crash-related checks
  • Alert staff on all violations

Balanced (Default)

Recommended for most servers:

  • All checks enabled
  • Moderate violation thresholds (3-5)
  • Cancel malicious packets
  • Kick only on severe exploits (crasher, tab complete)
  • Alert staff on repeated violations

Lenient

For trusted communities or testing environments:

  • All checks enabled
  • High violation thresholds (5-10)
  • Cancel only severe packets
  • No automatic kicks
  • Alert staff but allow some violations through

Customizing Thresholds

When to Lower Thresholds

  • Server is experiencing frequent exploit attempts
  • You want stricter enforcement of rules
  • False positive rate is low (check logs)
  • Your player base is mature and unlikely to accidentally trigger checks

When to Raise Thresholds

  • Legitimate players are being flagged
  • Server has unusual gameplay patterns (minigames, creative mode)
  • You want to gather data before enforcement
  • Using GAPE in alert-only mode initially

Check Priorities

If you need to disable some checks due to performance or compatibility, prioritize keeping these enabled:

Critical (Never Disable)

  1. Crasher Detection - Prevents server crashes
  2. Tab Complete Crash - Blocks common crash exploit
  3. Oversized Packet - Prevents resource exhaustion

High Priority

  1. Sign Exploit - Common attack vector
  2. Book Exploit - Common attack vector
  3. Custom Payload Flood - Prevents pipeline injection

Standard Priority

  1. Packet Flood - General protection
  2. Rate Limit - General protection
  3. Command Spam - Performance protection
  4. NoCom Exploit - Movement validation

Performance Impact by Check

Check              Overhead   Frequency
Rate Limit         ~50ns      Every packet
Packet Flood       ~50ns      Every packet
Sign Exploit       ~200ns     Sign update only
Book Exploit       ~500ns     Book edit only
Oversized Packet   ~30ns      Every packet
Custom Payload     ~100ns     Plugin messages only
Command Spam       ~50ns      Commands only
Tab Complete       ~100ns     Tab presses only
NoCom Exploit      ~150ns     Movement packets
Crasher            ~200ns     Every packet

Testing Your Configuration

  • Enable all checks with high thresholds initially
  • Set all checks to alert-only mode (don't cancel packets)
  • Monitor logs during peak hours for 24-48 hours
  • Identify which checks are triggering and why
  • Gradually lower thresholds and enable packet cancellation
  • Test with a variety of client versions and mods

Recommended: Use the default balanced configuration unless you have specific needs. GAPE's defaults are tuned for zero false positives on vanilla servers.
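
For the alert-only testing procedure above, a script like the following can replay collected violation logs against candidate thresholds before packet cancellation or kicks are enabled. It is an added example, not GAPE's own code. The log line format, the snake_case check ids and the cumulative per-player counting (no decay or reset) are assumptions; only the default thresholds come from this page.

```python
import re
from collections import Counter

# Default thresholds from the page; the snake_case check ids are assumed names.
DEFAULT_THRESHOLDS = {
    "rate_limit": 5, "tab_complete_crash": 1, "sign_exploit": 3,
    "book_exploit": 3, "oversized_packet": 5, "custom_payload_flood": 10,
    "packet_flood": 10, "command_spam": 5, "nocom_exploit": 5,
    "crasher_detection": 1,
}

# Constructed alert-only log in a hypothetical format (not GAPE's real output).
_EVENTS = [("rate_limit", "Alice", 6), ("rate_limit", "Bob", 2),
           ("sign_exploit", "Carol", 3), ("crasher_detection", "Dave", 1)]
SAMPLE_LOG = "\n".join(
    f"[12:00:{i:02d}] [GAPE] violation check={check} player={player}"
    for check, player, n in _EVENTS for i in range(n)
) + "\n[12:01:00] [Server] Bob joined the game"

LINE_RE = re.compile(r"\[GAPE\] violation check=(\w+) player=(\w+)")

def count_violations(log_text):
    """Count violations per (check, player) over the whole log window."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:  # unrelated server lines are skipped
            counts[match.groups()] += 1
    return counts

def would_trigger(counts, thresholds):
    """Players per check whose count reaches the candidate threshold."""
    hits = {}
    for (check, player), n in sorted(counts.items()):
        if n >= thresholds.get(check, float("inf")):
            hits.setdefault(check, []).append((player, n))
    return hits

def peak_per_check(counts):
    """Highest per-player count per check; thresholds above it flag nobody."""
    peaks = {}
    for (check, _player), n in counts.items():
        peaks[check] = max(n, peaks.get(check, 0))
    return peaks

if __name__ == "__main__":
    observed = count_violations(SAMPLE_LOG)
    print("would act on:", would_trigger(observed, DEFAULT_THRESHOLDS))
    print("peak per check:", peak_per_check(observed))
```

Comparing `would_trigger` output for the default thresholds and for a stricter candidate shows which players a change would newly affect, which is the review step to do before lowering a threshold.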