First of all, the pure server whitelist is used to make sure clients can only load certain custom files when they join the server, and ensure that specific files or entire folders are from steam and not custom. This is so that people who are trying to cheat with invisible materials or materials that show through others can't load them. In addition, you might blacklist the spy uncloak sound, or the sound of footsteps, to make sure people are not replacing those sounds with louder, easier-to-hear sounds.
Anyway, the system SRCDS uses is a bit confusing. First of all, whitelist.cfg in the orangebox/tf/ folder is NOT the file we're working with. It's unrelated (and to be honest I'm not sure what it's used for--if someone knows it would be good for me to learn). The file that we're editing is pure_server_whitelist.txt and it's in the orangebox/hl2/ directory (not in the tf/ directory!).
I might as well go over sv_pure while I'm at it. sv_pure is a convar that controls whether you use the whitelist or not. If sv_pure is set to 0, no whitelist is used and all custom files are accepted. This works all right for a public server but is a bit risky. If sv_pure is set to 1, you use pure_server_whitelist.txt to control what is allowed and what isn't. Finally, if sv_pure is set to 2, no custom files are allowed. This is not ideal because, in addition to not allowing players to use custom models, sprays aren't permitted. People like sprays!
Anyway, back to pure_server_whitelist.txt. This file is finicky and will crash the server if you mess it up, so make sure you can change maps and use rcon commands before trying to fill up a server with a whitelist set up. A couple points that are important to avoiding crashes:
- Duplicate entries are apparently not permitted. They seem to crash our server. So make sure you do not set the same directory or filename twice.
- Don't forget underscores or spaces when formatting. This could also cause crashes, and it's hard to find the errors.
Here is an example of a working whitelist:
- Code: Select all
Whitelist
{
// 3 modifiers are allowed on file specifications:
//
// from_steam - only check the Steam cache for the file (ignore anything on disk)
// allow_from_disk - allow the file to come from disk
// check_crc - used with allow_from_disk - server does CRC checks on the client's file to make sure it matches
//
// The default modifier on all files is allow_from_disk. Thus, all files can come from disk and don't need CRC checks unless
// allow_from_disk can be set at the same time as check_crc. Use the + character in between them to signify this: allow_from_disk+check_crc.
//
// Three types of file specifications:
//
// 1. directory\*.* - refers to all files under the directory
// 2. directory\... - refers to all files under the directory and all directories under that (recursively)
// 3. directory\filename - refers to a single file
//
// By default, when in pure server mode, most content file types are only allowed to come from Steam.
//
materials\... from_steam
models\... allow_from_disk
sound\... allow_from_disk
// Allow custom player models. Don't do CRC checks on them because the clients may all
// have different custom models and the server won't have them all.
models\player\... allow_from_disk
materials\models\player\... allow_from_disk
//
// Allow custom spray decals.
//
materials\temp\... allow_from_disk
materials\vgui\logos\... allow_from_disk
materials\vgui\logos\ui\... allow_from_disk
//
//Unblocked content:
//
materials\models\buildables\... allow_from_disk
materials\models\weapons\... allow_from_disk
materials\models\items\... allow_from_disk
materials\models\flag\... allow_from_disk
materials\console\... allow_from_disk
materials\particle\... allow_from_disk
materials\Particles\... allow_from_disk
materials\sprites\... allow_from_disk
materials\Effects\... allow_from_disk
materials\signs\... allow_from_disk
materials\HUD\... allow_from_disk
//
//Blocked Content:
//
materials\models\weapons\w_sniperrifle... from_steam
sound\player\footsteps\... from_steam
sound\player\spy_uncloak.wav from_steam
sound\player\spy_cloak.wav from_steam
sound\player\spy_disguise.wav from_steam
sound\player\spy_uncloak_feigndeath.wav from_steam
materials\Effects\sniperdot.vmt from_steam
materials\Effects\sniperdot.vtf from_steam
materials\Effects\sniperdot_blue.vmt from_steam
materials\Effects\sniperdot_blue.vtf from_steam
materials\Effects\sniperdot_red.vmt from_steam
materials\Effects\sniperdot_red.vtf from_steam
materials\water\... from_steam
materials\wood\... from_steam
materials\concrete\... from_steam
materials\metal\... from_steam
materials\nature\... from_steam
}
NOTE: I am not sure myself if this whitelist suffices against material cheaters. If you know more about the subject I'd love to change the whitelist to be more secure. I hope it at least provides some protection against simpler hacks. I don't guarantee it, though.
I think the directions in the comments of the file should be enough to guide someone through customizing the whitelist. However, I wanted to make sure that it was clear which file needed to be edited, and provide a working example and some pointers to avoiding crashes.
I hope this helps someone.
benny your awsome