Knowledgebase: False Positives
What is the Session protection feature?
Posted by Alice Lankri (Import), Last modified by on 05 May 2011 09:10 PM
dotDefender implements a Session Protection mechanism that prevents an attacker from sending a large number of HTTP requests in a short period of time.
Each user's IP is measured against number of HTTP requests / pre-defined time interval. For instance: 200 requests / 2 minutes.
Whenever a client IP exceeds the abovementioned threshold, dotDefender bans this IP for a user-defined period of time, before it is allowed to access the website again. This configuration may be tweaked per website, allowing tailoring the appropriate threshold per site average load.

In order to tweak this feature, kindly go to "Default security profile" --> "Session protection".
(67 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako