Protection from bots. Configuring blocking of frequent requests by IP

Various external systems can automatically collect data from your site. This can create a lot of load on the site. You can block their activity based on the frequency of requests from a specific IP.

The system has a mechanism that analyzes the frequency of requests from different IP addresses.

If there are too many requests per minute from a certain IP, then it is blocked for a while. 

Settings in web.config (или appsettings.json): 

  • security:requestsInMinuteLimit - if not empty, then the IP activity analysis system is enabled. Specifies the maximum number of hits per minute (meaning page loads).If the number of requests from a certain IP exceeds this limit, the IP is added to the blacklist and this IP with the blockIP code is recorded in trace (for logging and subsequent analysis).
  • security:blockIPCacheMin - The list of blocked IP addresses is in the application cache. It is cleared after the number of minutes specified in this parameter (20 minutes by default). 

Do not set the value of security:requests In Minute Limit too small, otherwise there is a risk of banning normal requests. Set the value from 40-50.

If a user or bot is blocked, it gets an empty page with the word denied.


  • If your application uses a lot of users with 1 IP, then you need to significantly increase this limit (do not do it end-to-end for 1 user).
  • According to the trace table, you can understand whether there are cases of IP blocking (code blockIP). 
  • By default, the locking system is disabled (i.e. settings security:requestsInMinuteLimit no or it's empty). 
Falcon Space is a functional web development platform on a narrow stack MS SQL/Bootstrap. Falcon Space Gettting started

Falcon Space Platform

This is a reduction in the cost of ownership

at the expense of fewer people to support

This is a quick change

while using the program

This is a modern interface

full adaptation for mobile devices