Understanding Cloudflare Under Attack mode (advanced DDoS protection)

Learn how Cloudflare Under Attack mode protects your site and how to enable it when your site is under a DDoS attack.


Cloudflare Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks.  Validated users access your website and suspicious traffic is blocked. When enabled, visitors see an interstitial page:

[Animation: the browser check that occurs when I'm Under Attack mode is enabled]

Browser JavaScript and Cookie support are required to pass the interstitial page.

The "Checking your browser before accessing..." challenge determines whether to block or allow a visitor within 5 seconds. After passing the challenge, the visitor is not challenged again until the duration configured in Challenge Passage, in the Cloudflare Firewall app under the Settings tab, expires.

The parameters __cf_chl_jschl_tk__ and __cf_chl_captcha_tk__ are added to the URL after a visitor successfully passes a challenge or Captcha, respectively. These parameters ensure that visitors challenged via JavaScript or Captcha don't need to refill and resubmit form data (HTTP POST) after passing a challenge.
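Because these parameters appear in request URLs, they also end up in access logs and analytics. The following Python code is an added example, not Cloudflare's code: it counts challenge passes by type and removes the token parameters from logged URLs. The "METHOD URL STATUS" log format, the function names and the token values are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names from the text above, mapped to the challenge type they mark.
CHALLENGE_PARAMS = {
    "__cf_chl_jschl_tk__": "javascript",
    "__cf_chl_captcha_tk__": "captcha",
}

def split_challenge_token(url):
    """Return (clean_url, challenge_type); challenge_type is None if no token."""
    parts = urlsplit(url)
    kept, kind = [], None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in CHALLENGE_PARAMS:
            kind = CHALLENGE_PARAMS[name]  # record the type, drop the token value
        else:
            kept.append((name, value))
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, kind

def summarize(log_lines):
    """Count challenge passes per type and return lines with tokens removed."""
    counts, cleaned = Counter(), []
    for line in log_lines:
        method, url, status = line.split()  # constructed "METHOD URL STATUS" format
        clean, kind = split_challenge_token(url)
        if kind:
            counts[kind] += 1
        cleaned.append(f"{method} {clean} {status}")
    return dict(counts), cleaned

# Constructed sample lines; token values are placeholders, not real tokens.
SAMPLE_LOG = [
    "GET /index.html 200",
    "POST /login?next=%2Faccount&__cf_chl_jschl_tk__=PLACEHOLDER_TOKEN_1 200",
    "POST /contact?__cf_chl_captcha_tk__=PLACEHOLDER_TOKEN_2 302",
    "GET /search?q=a+b&page=2 200",
]

if __name__ == "__main__":
    counts, cleaned = summarize(SAMPLE_LOG)
    print(counts)
    print("\n".join(cleaned))
```

Other query parameters are preserved, though they are re-encoded in normalized form when the URL is rebuilt.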

Enable Cloudflare Under Attack mode

Enable I’m Under Attack mode via the following steps:

  1. Log in to your Cloudflare account.
  2. Select the domain to protect.
  3. Click the Firewall app.
  4. Click the Settings tab.
  5. Under Security Level, select I'm Under Attack!.

Related resources

Challenge Passage
