Request Verification

We provide you with a simple mechanism in case your website is ever under a DoS or DDoS Attack.

Warning

If you do not have the Web Application Firewall enabled, it may be wise to enable it before you enable the attack mode, even a basic WAF configuration can prevent attacks in the future, while the Attack mode is meant as a purely reactive measure.

Setup

In the cockpit you can enable the attack mode for individual websites. Simply edit the website, switch to the “Advanced” Tab and enable “Attack Mode” in the security section.

The attack mode presents each user with a verification challange they will need to pass before they are allowed through to your website.

This is primarly a protection against automated DoS attacks and DDoS attacks for unoptimized websites.

Warning

If you are using a custom default webroot, the “Attack Mode” will currently not work. Support for custom default webroots will be implemented in the future. This is because the “Attack Mode” relies on a file in the custom default webroots called human-verification.html. If it is not present, the “Attack Mode” will still block requests to your website, but users won’t have a way to verify that they are human by themselves.