Learn how Cloudflare Under Attack mode protects your site and how to enable it when your site is under DDOS attack.
Overview
Cloudflare Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. When enabled, visitors see an interstitial page:
The "Checking your browser before accessing..." challenge determines whether to block or allow a visitor within 5 seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in Challenge Passage in the Cloudflare Firewall app under the Settings tab.
The parameters __cf_chl_jschl_tk__ and __cf_chl_captcha_tk__ are added to the url after a visitor successfully passes a challenge or Captcha, respectively. These parameters ensure that visitors challenged via JavaScript or Captcha don't need to refill and resubmit form data (HTTP POST) after passing a challenge.
Enable Cloudflare Under Attack mode
Depending on your needs, there are a couple of possible configurations:
- Enable I'm Under Attack mode outright for the entire site:
- Log in to your Cloudflare account.
- Select the domain to protect.
- Click the Firewall app.
- Click the Settings tab.
- Under Security Level, select I'm Under Attack!.
- Enable I'm Under Attack mode for specific web pages or sections of your site using a page rule.
- Conversely, use a page rule to disable I'm Under Attack mode for areas of your site broken by I'm Under Attack mode or known to not be attacked.
- Enable I'm Under Attack mode (or other challenges) for specific ASNs (hosts/ISPs that own IP addresses, e.g. Amazon has an ASN, Cloudflare has an ASN, Comcast has an ASN, etc - useful if a majority of attack traffic comes from a specific host), countries, or IP ranges using the IP Access Rules.