How to Reduce the Risk of Denial-of-Service Attacks
A denial of service can occur when an external application attempts to overload your Web application and consume all of its resources. You can reduce the risk of denial-of-service attacks against your Web application by using specific Commerce Server Core Systems settings and following certain design and coding practices. The following list identifies steps that you can take to help protect your Web application from denial-of-service attacks:
Limit the number of baskets that an anonymous user can create. This is something that you must consider when you design your site; Commerce Server Core Systems does not provide specific mechanisms for this. In particular, if you allow anonymous users to name their own baskets, you should limit the number of named baskets that they can create.
Restrict the number of runtime objects that can be created in a user’s session by using the Limits element in your application’s Web.config file. For more information about the Limits element, see Limits Element.