Repacket Protections help secure your organization with intelligent controls against phishing attacks and session hijacking attempts.

Overview

The Protections module provides advanced protection capabilities that you can layer on top of any traffic.

Phishing Prevention

Detect and block sophisticated phishing attempts using AI and known-bad sites

Session Protection

Prevent session hijacking by encrypting cookies for critical applications

How It Works

The Protections module operates through a unified rule builder that allows administrators to apply specific protection types to defined traffic categories or applications. Protection rules builder interface showing spearphishing rule

AI Phishing Scan

You should enable a “Block” rule for the “Phishing” category in your Firewall rules alongside this protection.
Repacket can be configured to run an “AI Phishing Scan” on webpages - detecting and blocking previously unknown phishing websites, like spearphishing. We highly recommend applying this to the “Uncategorized” category. You can read more about this feature on our AI Phishing Scan documentation.

Session Protection

Session Protection is a Repacket Protection which allows you to encrypt the session cookies within your browser. This allows you to prevent malware or XSS attacks from stealing your session cookies for use on other devices — Repacket cookies can only be used on the device they were created on! Repacket provides pre-configured session protection for popular services like Google, Okta, GitHub, and others. This feature can also be used to block cookies, for instance, in the case of ad tracking cookies. You can read more about this feature on our Session Protection documentation.

Creating Protection Rules

1

Navigate to Protections

Go to the Protections section in your Repacket dashboard.
2

Create a new rule

Click the “Create new rule” button in the top right corner.
3

Select rule type

Choose between “Session Protection” or “Phishing Prevention” depending on your needs.
4

Configure matching criteria

For Session Protection: Select specific applications from the dropdown (Google, Atlassian, etc.)For Phishing Prevention: Choose categories or domains to apply the protection to
5

(Optional) Select specific users

Define which users or groups the rule should apply to or exclude.
6

Configure protection settings

For Session Protection: Choose which cookies to encrypt (all, HttpOnly, or custom patterns)For Phishing Prevention: Configure AI sensitivity and warning behavior
7

Save your rule

Apply your changes to enforce the new protection rule across your network.

Best Practices

Firewall

Control internet access with granular access rules

Data Loss Prevention

Prevent sensitive data from being uploaded to unapproved platforms

Custom Categories

Create your own categories for more targeted protection

User Management

Manage users and groups for exception handling