Crazy 5 second "Under attack mode" Bugs


Hello, time ago i added a website inside my cloudflare account.
I added as free , but after i while i see it activated ALONE the “under attack mode” the website never had receive any attacks, the security on website it’s “Off” it has activated only SSL and forced HTTPS …

It have the SAME configuration as other my 5 website on cloudflare.

I tried to delete the website and to add again but it didnt work, the 5 second “under attack mode” stay enabled.

Please someone could help me? Thanks.


Are you still experiencing this issue? I checked all 6 of the zones associated with your email address and none seem to be set to IUAM right now.


Yes indeed noone of my domain are with UAM activated.
Check the .pl domain ( there is only one ) i tried to shutdown everything also but still show the 5 second.



I’m still a little confused. That zone is set to LOW security and IUAM is not enabled. It loads without error in all browsers for me. Are you getting CAPTCHA messages or can you take a screenshot of what you are seeing?



This happend only in some country , i tried from multiple pc, my customer see it , my friend see it ( which he never open the website ) my rdp from Netherland don’t see it.


There are a few of things that could be in play. As always, keep in mind that adjustments to your site’s security settings are done at your discretion.

Under the FIREWALL tab look for Web Application Firewall. From there you can adjust the Browser Integrity Check setting and see if that has the desired effect.

You can also try adjusting the Challenge Passage duration under the main section of the FIREWALL tab.

Lastly, you can connect with some of the impacted visitors and try to create access rules that to accommodate them specifically.

Hope this helps!


Security level in firewall is setup as low while other website (without uam is setup as medium but also on high shouldnt create problem… since uam is not activated) , i just put offline the browser integrity check…

I cannot setup rules for the customer of my customer it’s an ecommerce and it’s happend with many people.
It’s the first time after many years i use cloudflare this happend.

Any idea how to fix? I also tried to delete the website and to put it again…



This is happening now from almost 1weeks and half… thanks


Are you saying that the same visitor gets the delay only on that one site (with security set to LOW), but when they visit other sites you control (with security set higher) they don’t?


I’m sorry for my english, i know it can be confusonary , with other website they don’t see the 5 second delay.

With other website the visitor will see the 5 second delay only when UAM is activated ( and this is right obviusly)

But on .pl website they see the 5 second delay even if the security is setup on “low”



If the same visitor is getting more security checks on a zone with lower security settings in place that will require some deeper investigation by our support team.

You will want to contact support, login to Cloudflare and then contact Cloudflare Support and it would be helpful if you can provide some Ray IDs for review. Please contact some of the people who are experiencing the issue and ask them to provide the “Ray ID” that displays just below the “DDoS protection by Cloudflare” message on the browser check screen. If you look a the screenshot you posted you should be able to see what I’m describing.


Yes i did 2 days ago but still not received any reply… and still got the

DDoS protection by Cloudflare
Ray ID: 385047bae4b43d8f

forced HTTPS which don’t work , SSL sometimes don’t work too…

probably i have to buy it for receive any reply from support? Thanks


What is your ticket number?


request (#1384872)


Thanks. I’ve added some notes to your ticket so hopefully they can get to the bottom of this quickly. You don’t need to pay to get support, however tickets are prioritized by plan level and time/date received. You are in the queue and someone should be with you soon.