This knowledge base article covers dotDefender basics such as how to determine if your request was blocked by the software, how to report the request to Edge Hosting Support, and how to log into dotDefender to view the block should you need to do so.
dotDefender is a web application firewall. It examines web based user interactions with your application(s) by performing deep inspection of HTTP traffic content in order to filter out harmful requests like SQL injection, cross-site scripting, etc. Running dotDefender locally on your web server complements our network based security measures such as your firewall and our intrusion protection system by filtering out attacks against your application itself.
As with any signature based filtration system, it is possible to receive a false positive within dotDefender. Any request blocked by dotDefender will return a page similar to the following:
- The 16 digit reference ID from the block. This can be copied and pasted from the error page into a new Support ticket.
- Steps to reproduce the issue. What URL are your hitting when the error occurs? Do we need to be logged into your application? Please provide a step by step to get logged in (if necessary) and reproduce the issue. We need this information in order to test once we have created an exception within dotDefender.
If you do NOT wish for us to attempt to reproduce the issue because it is service impacting, please do NOT provide the step by step, and instead submit the ticket with only the reference ID and provide contact information so we can call you when we're ready to test.
Although Edge Hosting is prefers to fully manage your dotDefender instance, we do allow customers direct access to the management interface by request. You can access the management interface to review your dotDefender logs and create exceptions to any rule that creates a false positive within your application.
Starting with dotDefender version 4, administration switched to a web based interface for all management. The URL format to access dotDefender administration is:
You can find your server hostname listed within the Support portal, or by logging in via RDP/SSH if you are unsure. If you are using dotDefender version 3 and lower, you will need to log into the server and manage dotDefender through the application locally as web access is not enabled for these versions.
AuthenticatingFor Windows Servers: You will need to login using your remote desktop username and password.
For Linux Servers: A user will need to be created.
In either case you can contact Support if you do not have access.
DotDefender rules are configured to update weekly. Rule testing is done by Applicure, the makers of dotDefender. Signature changes are pushed out to all clients as needed. These changes don't affect processing times and are minor changes. Rule changes that are significant are usually released as part of a software update rather than pushed out to existing clients. Should you wish to update dotDefender, please contact Support.