HowTo: Set up a pure server whitelist

Report hackers, annoyers, crashes, problems here.

HowTo: Set up a pure server whitelist

by Vivi Hill » Sat Mar 19, 2011 7:30 pm

I'm posting this in the hopes that a server admin will find this after searching for how to install a pure server whitelist for the team fortress 2 dedicated server. I did this myself, and came up near empty, except for a post from GameBanana with an example whitelist that is broken.

First of all, the pure server whitelist is used to make sure clients can only load certain custom files when they join the server, and ensure that specific files or entire folders are from steam and not custom. This is so that people who are trying to cheat with invisible materials or materials that show through others can't load them. In addition, you might blacklist the spy uncloak sound, or the sound of footsteps, to make sure people are not replacing those sounds with louder, easier-to-hear sounds.

Anyway, the system SRCDS uses is a bit confusing. First of all, whitelist.cfg in the orangebox/tf/ folder is NOT the file we're working with. It's unrelated (and to be honest I'm not sure what it's used for--if someone knows it would be good for me to learn). The file that we're editing is pure_server_whitelist.txt and it's in the orangebox/hl2/ directory (not in the tf/ directory!).

I might as well go over sv_pure while I'm at it. sv_pure is a convar that controls whether you use the whitelist or not. If sv_pure is set to 0, no whitelist is used and all custom files are accepted. This works all right for a public server but is a bit risky. If sv_pure is set to 1, you use pure_server_whitelist.txt to control what is allowed and what isn't. Finally, if sv_pure is set to 2, no custom files are allowed. This is not ideal because, in addition to not allowing players to use custom models, sprays aren't permitted. People like sprays!

Anyway, back to pure_server_whitelist.txt. This file is finicky and will crash the server if you mess it up, so make sure you can change maps and use rcon commands before trying to fill up a server with a whitelist set up. A couple points that are important to avoiding crashes:

  • Duplicate entries are apparently not permitted. They seem to crash our server. So make sure you do not set the same directory or filename twice.
  • Don't forget underscores or spaces when formatting. This could also cause crashes, and it's hard to find the errors.

Here is an example of a working whitelist:

Code: Select all
Whitelist
{
   // 3 modifiers are allowed on file specifications:
   //
   //   from_steam      - only check the Steam cache for the file (ignore anything on disk)
   //   allow_from_disk      - allow the file to come from disk
   //   check_crc      - used with allow_from_disk - server does CRC checks on the client's file to make sure it matches
   //
   //   The default modifier on all files is allow_from_disk. Thus, all files can come from disk and don't need CRC checks unless
   //   allow_from_disk can be set at the same time as check_crc. Use the + character in between them to signify this: allow_from_disk+check_crc.


   //
   // Three types of file specifications:
   //
   //   1. directory\*.*   - refers to all files under the directory
   //   2. directory\...   - refers to all files under the directory and all directories under that (recursively)
   //   3. directory\filename   - refers to a single file
   

   //   
   // By default, when in pure server mode, most content file types are only allowed to come from Steam.
   //
   materials\...         from_steam
   models\...         allow_from_disk
   sound\...         allow_from_disk
   
   
   
   // Allow custom player models. Don't do CRC checks on them because the clients may all
   // have different custom models and the server won't have them all.
      
   models\player\...      allow_from_disk
   materials\models\player\...   allow_from_disk


   //
   // Allow custom spray decals.
   //
   materials\temp\...      allow_from_disk
   materials\vgui\logos\...   allow_from_disk
   materials\vgui\logos\ui\...   allow_from_disk
   
      
   //
   //Unblocked content:
   //
   materials\models\buildables\... allow_from_disk
   materials\models\weapons\...    allow_from_disk
   materials\models\items\...      allow_from_disk
   materials\models\flag\...       allow_from_disk
   materials\console\...           allow_from_disk
   materials\particle\...          allow_from_disk
   materials\Particles\...         allow_from_disk
   materials\sprites\...           allow_from_disk
   materials\Effects\...           allow_from_disk
   materials\signs\...             allow_from_disk
   materials\HUD\...               allow_from_disk

   //
   //Blocked Content:
   //
   materials\models\weapons\w_sniperrifle... from_steam
   sound\player\footsteps\...                from_steam
   sound\player\spy_uncloak.wav              from_steam
   sound\player\spy_cloak.wav                from_steam
   sound\player\spy_disguise.wav             from_steam
   sound\player\spy_uncloak_feigndeath.wav   from_steam
   materials\Effects\sniperdot.vmt           from_steam
   materials\Effects\sniperdot.vtf           from_steam
   materials\Effects\sniperdot_blue.vmt      from_steam
   materials\Effects\sniperdot_blue.vtf      from_steam
   materials\Effects\sniperdot_red.vmt       from_steam
   materials\Effects\sniperdot_red.vtf       from_steam
   materials\water\...                       from_steam
   materials\wood\...                        from_steam
   materials\concrete\...                    from_steam
   materials\metal\...                       from_steam
   materials\nature\...                  from_steam
   
}


NOTE: I am not sure myself if this whitelist suffices against material cheaters. If you know more about the subject I'd love to change the whitelist to be more secure. I hope it at least provides some protection against simpler hacks. I don't guarantee it, though.

I think the directions in the comments of the file should be enough to guide someone through customizing the whitelist. However, I wanted to make sure that it was clear which file needed to be edited, and provide a working example and some pointers to avoiding crashes.

I hope this helps someone.
Image
"Just because nobody complains doesn't mean all parachutes are perfect." --Benny Hill
User avatar
Vivi Hill
Red Admin
Master of Ceremonies
 
Posts: 1498
Joined: Sat Oct 09, 2010 12:27 pm
Location: Troy, NY

Re: HowTo: Set up a pure server whitelist

by Hatred » Sat Mar 19, 2011 7:37 pm

yet again a perfect example of why i love love critsandvich :) benny your awsome :)
also known as csn broken [UbM]
Hatred
Donator
 
Posts: 429
Joined: Sun Oct 31, 2010 6:07 pm
Location: toronto ON


Return to Server Support



Who is online

Users browsing this forum: No registered users and 1 guest