Custom Token Settings

The following settings are available when configuring a content protection policy and set the Identity Provider as Custom Token.

  • Invalid Custom Token - Distil inspects each API request for an identifier that denotes how the requested API URL is used. If the custom token associated with the request does not match the API URL’s Identity Providers, the customer returns a 401 error code and Distil fires the action for the Invalid Custom Token violation.

  • No Distil Identifier - If Distil does not detect a Distil token nor a custom token while inspecting an API request, the action for the No Distil Identifier violation is fired.

  • Known Violators - Distil maintains a shared list of Distil Identifiers and User Agents that have already been detected as threats across our network. If we have detected a known violator on another site, your own site is automatically protected from that threat. Masquerading as a Googlebot will land the violator on this list.

  • Known Violator Data Centers - Distil maintains a list of data centers IPs that commonly host malicious requests. Blocking any traffic from such data centers on first request, the list includes both common cloud and managed hosting providers (e.g., Rackspace). Distil is continually curating and updating our KVDC list.

  • Identities - Distil verifies the identity of incoming requests. Malicious bots can easily spoof user agents by masquerading as a good bot. Distil forces two-factor authentication (user agent and the IP space) for all good bots, verifying that they’re coming from correct user agents. We then confirm that each request maps to one of the IP addresses within the range of the corresponding bot. If it doesn’t, the request is flagged as a malicious attempt.     

  • Aggregator User Agents - Distil checks a homegrown list of known malicious aggregator user agents. These provide zero value to your site and can also crawl certain parts of it in a harsh manner—potentially impacting performance and reliability. Unless you require complete and open access to such tools as RSS or Atom feeds, Distil recommends blocking these request types.
  • Requests Per Minute - Distil measures the number of pages a user verified by a custom token visits per minute. If the number exceeds the number set in the settings, the action for Requests Per Minute violation will be triggered.

  • Requests Per Session - Distil measures the number of pages a user verified by a custom token  visits per session. If the number exceeds the number set in the settings, the action for Requests Per Session violation will be triggered.

  • Session Length - Distil measures the session length of users verified by a custom token. If the length exceeds the number set in the settings, the action for Session Length violation will be triggered.

This list shows which violations users can expect to see in the Trap Analysis report when they enable policy settings using the Custom Token identifier.

Policy Settings

Trap (Violation) Names

Known Violators

Known Violators

Known Violator User Agent


Browser Integrity Check

Bad User Agents

Aggregator User Agents

Aggregator User Agents

Known Violator Data Centers

Known Violator Data Center

No Distil Identifier

Missing Unique ID

Pages Per Minute Action

Pages Per Minute Exceeded

Pages Per Session Action

Pages Per Session Exceeded

Session Length Action

Session Length Exceeded

Invalid Custom Token

Exceeds Invalid Request Counter

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request