Request Verification

We provide you with a simple mechanism in case your website is ever under a DoS or DDoS Attack.

Warning

If you do not have the Web Application Firewall enabled, consider enabling it first before you enable the attack mode, even a basic WAF configuration can prevent attacks in the future, while the Attack mode is meant as a purely reactive measure.

Setup

In the cockpit you can enable the attack mode for individual websites. Simply edit the website, switch to the “Advanced” Tab and enable “Attack Mode” in the security section.

The attack mode presents each user with a verification challange they will need to pass before they are allowed through to your website.

This is primarly a protection against automated DoS attacks and DDoS attacks for unoptimized websites.

Warning

If you are using a Custom Default Webroot, the “Attack Mode” may not be working properly. This is because the correspondig file human-verification.html was added after the current Managed Server release to the Custom Default Webroot. If this file is not present, the “Attack Mode” will still block requests to your website, but users won’t have a way to verify that they are human. Meaning that they will be shown a error message provided by the apache webserver. To fix this issue add a custom human-verification.html to your Custom Default Webroot.