Knowledgebase: False Positives
What is the Session protection feature?
Posted by Alice Lankri (Import), Last modified by on 05 May 2011 09:10 PM
dotDefender implements a Session Protection mechanism that prevents an
attacker from sending a large number of HTTP requests in a short period
of time. |
Each user's IP is measured against number of HTTP requests / pre-defined time interval. For instance: 200 requests / 2 minutes.
Whenever a client IP exceeds the abovementioned threshold, dotDefender bans this IP for a user-defined period of time, before it is allowed to access the website again. This configuration may be tweaked per website, allowing tailoring the appropriate threshold per site average load.
In order to tweak this feature, kindly go to "Default security profile" --> "Session protection".