DocumentationЗащитаActive & Passive Protection

Active & Passive Protection

Difference between active and passive traffic mitigation

MineGuard's protection settings are divided into two groups: passive and active protection. These are distinct operating modes, and understanding the difference is important.

Passive

Always active

Reconnect cooldown
Client blocking
VPN/Proxy filter
Nickname rules

Active

When CPS exceeds threshold

Ban suspicious IPs
Session limit per IP
Login rate limit
Enhanced verification
Bot detection and Captcha work in both modes

Passive protection

Passive protection is always on — regardless of whether you're under attack. These are background rules that continuously filter traffic.

What passive protection includes:

  • Reconnect cooldown — a delay before reconnecting after a disconnect. Prevents bots from reconnecting in a loop
  • Client blocking — block connections from specific client types (Vanilla, Forge, Fabric)
  • VPN/Proxy blocking — block or send to captcha connections coming from VPNs and data centers
  • Nickname rules — length limits and regex filters on player names

These settings apply to every connection, at all times. Even when the server is quiet and peaceful, passive protection is running.

Mixed protection

Some features work in both passive and active modes — their behavior changes depending on the situation:

  • Bot detection — analyses connections using signatures and machine learning. In passive mode only basic analysis runs; during an attack, deeper checks kick in
  • Captcha — browser-based verification. Can run continuously or only activate during an attack — depends on your settings

Active protection

Active protection only activates during an attack. When the number of connections per second (CPS) exceeds a set threshold, mitigation mode kicks in with additional checks.

What active protection includes:

  • CPS threshold — how many connections per second triggers active protection (default: 5)
  • Ban duration — how long to block a suspicious IP
  • Allow duration — how long a verified player can connect without being re-checked
  • Max sessions per IP — limit on simultaneous connections from one address
  • Max logins per second — connection rate limit from one IP
  • Mitigation message — the text a player sees during a check

When the attack stops and CPS drops below the threshold, active protection turns off and only passive protection remains.

How they work together

Imagine your server normally has 50 players online.

1

A normal day

Passive protection runs in the background: checking nicknames, blocking VPNs if enabled, analysing connections for bots. Players connect without delays.
2

An attack begins

CPS spikes to 200. The threshold (5) is exceeded — active protection kicks in. Suspicious IPs get banned, new connections go through enhanced checks, session limits are enforced.
3

The attack ends

CPS drops. Active protection turns off. Passive protection continues running as normal.
In the control panel, you configure both groups on one page — Filtering. The "Active protection" tab is for attack settings, and "Passive protection" is for the always-on rules.
PreviousBedrock TunnelsNextMitigation