TsgcWebSocketFirewall › Properties
Published properties grouped by purpose, followed by the full alphabetical list.
| Name | Description |
|---|---|
| Enabled | Master on/off switch for the whole firewall; when False every check is bypassed and all connections/messages are allowed. |
| Name | Description |
|---|---|
| Blacklist | Deny list of IP addresses and CIDR ranges whose connections are rejected before any other check. |
| Whitelist | Allow list of trusted IP addresses and CIDR ranges; whitelisted IPs bypass all other firewall checks. |
| CustomRules | User-defined rule engine that combines IP, country, message and violation-count conditions with a configurable action. |
| Name | Description |
|---|---|
| BruteForce | Tracks failed authentication attempts per IP and bans addresses that exceed a configurable threshold within a time window. |
| SQLInjection | Scans inbound messages for SQL injection patterns and denies, allows or logs them according to Action. |
| XSS | Scans inbound messages for cross-site scripting patterns and denies, allows or logs them according to Action. |
| PathTraversal | Scans inbound messages for directory traversal patterns and denies, allows or logs them according to Action. |
| CommandInjection | Scans inbound messages for shell command injection patterns and denies, allows or logs them according to Action. |
| PayloadLimit | Rejects inbound messages whose size exceeds MaxSizeBytes to protect against oversized payload attacks. |
| WebSocketProtection | WebSocket-specific validation for allowed origins, maximum frame size and allowed subprotocols. |
| Name | Description |
|---|---|
| RateLimit | Caps the number of concurrent connections a single IP may open within a sliding time window. |
| FloodProtection | Caps the number of messages per second a single IP may send to protect against message-flood attacks. |
| Name | Description |
|---|---|
| ThreatScore | Per-IP cumulative risk score that auto-bans addresses once they cross AutoBanThreshold. |
| BanEscalation | Progressive ban duration that grows per repeated offence by stepping through the Levels list. |
| Name | Description |
|---|---|
| GeoIP | Country-based filter that accepts or rejects connections using ISO country codes resolved from a GeoIP database. |
| Name | Description |
|---|---|
| BanEscalation | Progressive ban duration that grows per repeated offence by stepping through the Levels list. |
| Blacklist | Deny list of IP addresses and CIDR ranges whose connections are rejected before any other check. |
| BruteForce | Tracks failed authentication attempts per IP and bans addresses that exceed a configurable threshold within a time window. |
| CommandInjection | Scans inbound messages for shell command injection patterns and denies, allows or logs them according to Action. |
| CustomRules | User-defined rule engine that combines IP, country, message and violation-count conditions with a configurable action. |
| Enabled | Master on/off switch for the whole firewall; when False every check is bypassed and all connections/messages are allowed. |
| FloodProtection | Caps the number of messages per second a single IP may send to protect against message-flood attacks. |
| GeoIP | Country-based filter that accepts or rejects connections using ISO country codes resolved from a GeoIP database. |
| PathTraversal | Scans inbound messages for directory traversal patterns and denies, allows or logs them according to Action. |
| PayloadLimit | Rejects inbound messages whose size exceeds MaxSizeBytes to protect against oversized payload attacks. |
| RateLimit | Caps the number of concurrent connections a single IP may open within a sliding time window. |
| SQLInjection | Scans inbound messages for SQL injection patterns and denies, allows or logs them according to Action. |
| ThreatScore | Per-IP cumulative risk score that auto-bans addresses once they cross AutoBanThreshold. |
| WebSocketProtection | WebSocket-specific validation for allowed origins, maximum frame size and allowed subprotocols. |
| Whitelist | Allow list of trusted IP addresses and CIDR ranges; whitelisted IPs bypass all other firewall checks. |
| XSS | Scans inbound messages for cross-site scripting patterns and denies, allows or logs them according to Action. |