What is TCPShield?

TCPShield is a high-availability DDoS mitigation platform.

Why use TCPShield?

When you use TCPShield, the IP address of your server will be hidden, thanks to the provided reverse proxy. This way, even if you suffer a DDoS attack, all illegitimate packets will be filtered out by their protection.

However TCPShield is free only for 1 terabyte of monthly bandwidth.

How to use it with nAntiBot?

You need to have a registered domain and a DNS service. In this tutorial we will be using Cloudflare.

Creating the account and setting up DNS

  1. Create a TCPShield account https://panel.tcpshield.com/.

  2. After that, create a network and give it a name, like the example below:

  3. Copy the protected CNAME provided. It should look like this: "b89c987e47b422bcee0086c857c7546117d6f901.ipv4.tcpshield.com".

  4. Create a CNAME entry, enter the desired subdomain and the protected CNAME from the previous step.

Pointing to your server

  1. Go to the Backends panel and create a first set of backends.

  2. After that, go back to your network configuration and add a domain. Also define the set of backends you created in the previous step.

Configuring the proxy server


Enable haproxy-protocol in the advanced section


Enable the proxy_protocol option in the listeners section.

Configuring nAntiBot

  1. Go to nAntiBot config.yml and configure haproxy.

  2. Reload the plugin with the /ab reload command.

In some cases it may be necessary to enable the option adapters.handshake-data-passthrough

It is recommended to enable it in case of problems.

Testing the configuration

Test if you have configured the server correctly by putting your server's IP on this site: https://mcsrvstat.us/

Then take the IP and dump it into your browser.

If everything is set up correctly, you will be redirected to the TCPShield home page.

Extra trusted sources


If you use Cloudflare in TCPShield, add the URL https://tcpshield.com/v4-cf/ in trusted option.


If your TCPShield registry points to sgp.tcpshield.net, you must allow CIDR

Last updated