Request Verification

We provide you with a simple mechanism in case your website is getting overloaded with hundreds or thousands of automated requests or even spome kinds of DoS or DDoS scenarios.

Warning

If you do not have the Web Application Firewall enabled, consider enabling it first before you enable the attack mode, even a basic WAF configuration can prevent attacks in the future and save some server resources, while the Attack mode is meant as a purely reactive measure and last resort.

Enable the Attack Mode

In the cockpit you can enable the attack mode for individual websites. Simply edit the website, switch to the “Advanced” Tab and enable “Attack Mode” in the security section.

The attack mode presents each user with a verification challange they will need to pass before they are allowed through to your website.

This is primarly a protection against automated bot attacks where the huge number or requests result in server overload - but does not safe from large scale DDoS attacks that flood the whole network.

Warning

If you are using a Custom Default Webroot, the “Attack Mode” may not be working properly. This is because the correspondig file human-verification.html was added after the current Managed Server release to the Custom Default Webroot. If this file is not present, the “Attack Mode” will still block requests to your website, but users won’t have a way to verify that they are human. Meaning that they will be shown a error message provided by the apache webserver. To fix this issue add a custom human-verification.html to your Custom Default Webroot.