Server API
Tamper
Passive exploit detection layer. Tamper observes the request pipeline and accumulates strikes against players who show suspicious behaviour. It never blocks requests itself — blocking is done by the rate limiter and middleware. Tamper is a singleton.
Import
local Tamper = RoExpress.Tamper
setup
Configuration
Configure the strike threshold, autokick behaviour, and a custom onKick callback. Passive detection of malformed payloads is always active.
Tamper.Configure · threshold · autokick
→
detection
Strikes
Issue manual strikes, read a player's current count, and reset it. When a player reaches the configured threshold, the autokick or your onKick callback fires.
Tamper.Strike · Tamper.GetStrikes · Tamper.Reset
→
security
Version Checking
Every packet carries a version token. A mismatch is a silent drop — the request is discarded before it reaches any handler. No strike is issued.
version token · silent drop
→
See also
Request Pipeline | where version check fits in the pipeline · App Middleware | block requests with 403 · TokenBucket | rate limiting (429) · Tamper Guide | combining middleware with Tamper