Protections
Safeguard users with advanced phishing prevention and session protection
Repacket Protections help secure your organization with intelligent controls against phishing attacks and session hijacking attempts.
Overview
The Protections module provides advanced protection capabilities that you can layer on top of any traffic.
Phishing Prevention
Detect and block sophisticated phishing attempts using AI and known-bad sites
Session Protection
Prevent session hijacking by encrypting cookies for critical applications
How It Works
The Protections module operates through a unified rule builder that allows administrators to apply specific protection types to defined traffic categories or applications.
AI Phishing Scan
You should enable a “Block” rule for the “Phishing” category in your Firewall rules alongside this protection.
Repacket can be configured to run an “AI Phishing Scan” on webpages - detecting and blocking previously unknown phishing websites, like spearphishing.
We highly recommend applying this to the “Uncategorized” category.
You can read more about this feature on our AI Phishing Scan documentation.
Session Protection
Session Protection is a Repacket Protection which allows you to encrypt the session cookies within your browser.
This allows you to prevent malware or XSS attacks from stealing your session cookies for use on other devices — Repacket cookies can only be used on the device they were created on!
Repacket provides pre-configured session protection for popular services like Google, Okta, GitHub, and others.
This feature can also be used to block cookies, for instance, in the case of ad tracking cookies.
You can read more about this feature on our Session Protection documentation.
Creating Protection Rules
Navigate to Protections
Go to the Protections section in your Repacket dashboard.
Create a new rule
Click the “Create new rule” button in the top right corner.
Select rule type
Choose between “Session Protection” or “Phishing Prevention” depending on your needs.
Configure matching criteria
For Session Protection: Select specific applications from the dropdown (Google, Atlassian, etc.)
For Phishing Prevention: Choose categories or domains to apply the protection to
(Optional) Select specific users
Define which users or groups the rule should apply to or exclude.
Configure protection settings
For Session Protection: Choose which cookies to encrypt (all, HttpOnly, or custom patterns)
For Phishing Prevention: Configure AI sensitivity and warning behavior
Save your rule
Apply your changes to enforce the new protection rule across your network.
Best Practices
Related Features
Was this page helpful?