Rate Limit Check

Prevents packet flooding by limiting packets per type per second.

What It Does

The Rate Limit check monitors how many packets of each type a player sends within a time window. If a player exceeds the configured limit for any packet type, their violation level increases and the excess packets are cancelled.

Why It's Needed

Packet flooding is one of the most common attack vectors:

  • Server lag - Processing thousands of packets per second consumes CPU
  • Resource exhaustion - Memory and network bandwidth are wasted
  • Game disruption - Other players experience lag from the load
  • Crash potential - Extreme floods can crash the server

How It Works

GAPE maintains a sliding time window for each player and packet type. For example, with a 1-second window and 20 packet limit:

  • Player sends 15 movement packets in 1 second - Allowed, no violation
  • Player sends 25 movement packets in 1 second - Violation +1, 5 packets cancelled
  • Player sends 20 packets over 2 seconds - Allowed, under limit

What It Protects Against

Movement Packet Floods

Attackers send hundreds of position/rotation packets per second to lag the server or bypass anti-cheat checks.

Interaction Spam

Rapid block breaking, placing, or entity interactions that overwhelm server processing.

Inventory Click Floods

Spamming inventory clicks to cause lag or exploit item duplication bugs.

Chat/Command Spam

Flooding chat or commands to disrupt gameplay or exploit command processing.

Configuration Options

Per-Packet Type Limits

Set different limits for different packet types:

  • Movement packets: 20-30 per second
  • Interaction packets: 10-20 per second
  • Inventory packets: 15-25 per second
  • Chat packets: 3-5 per second
  • Command packets: 5-10 per second

Time Window

How long to track packets before resetting:

  • 1 second: Strict, prevents short bursts
  • 5 seconds: Balanced (recommended)
  • 10 seconds: Lenient, allows larger bursts

Violation Threshold

How many times a player can exceed the limit before action is taken:

  • 1-3: Strict enforcement
  • 5: Balanced (default)
  • 10+: Very lenient

False Positives

Rate limiting rarely causes false positives with proper configuration. Potential edge cases:

  • Laggy connections: Players reconnecting may send packet bursts
  • Modded clients: Some mods send extra packets for features
  • Creative mode: Fast building can trigger interaction limits

Solution: Increase limits slightly or raise violation threshold.

Performance Impact

Rate limiting has minimal overhead:

  • Per-packet: ~50ns
  • Memory: ~200 bytes per player
  • Scales to: 1000+ concurrent players

Best Practices

  • Start with default limits and adjust based on logs
  • Monitor false positives during peak hours
  • Use different limits for different game modes
  • Enable alerts for repeated violations
  • Combine with Packet Flood check for layered protection
Tip: This check works in combination with Packet Flood. Rate Limit is per-packet-type, while Packet Flood monitors total packet rate across all types.