Learn how Cloudflare Under Attack mode protects your site and how to enable it when your site is under DDOS attack.
Overview
Cloudflare Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. It is designed to be used as one of the last resorts when a zone is under attacked (and will temporarily pause access to your site and impact your site analytics).
When enabled, visitors see an interstitial page.
The "Checking your browser before accessing..." challenge determines whether to block or allow a visitor within 5 seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in Challenge Passage, in Security > Settings.
Enable Cloudflare Under Attack mode
Depending on your needs, there are a couple of possible configurations:
- Enable I'm Under Attack mode outright for the entire site:
- Log in to your Cloudflare account.
- Select the domain to protect.
- Navigate to Security > Settings.
- Under Security Level, select I'm Under Attack!.
- Enable I'm Under Attack mode for specific web pages or sections of your site using a page rule.
- Conversely, use a page rule to disable I'm Under Attack mode for areas of your site broken by I'm Under Attack mode or known to not be attacked.
- Enable I'm Under Attack mode (or other challenges) for specific ASNs (hosts/ISPs that own IP addresses — for example, Amazon has an ASN, Cloudflare has an ASN, Comcast has an ASN, etc.; this is useful if a majority of attack traffic comes from a specific host), countries, or IP ranges using IP Access Rules.