I have set up fire wall rules to protect my forum, they work great to stop the frequent DDoS that we get.
The main problem i have now is, if i set up the rule to use JS Challenge, the DDoS seems to bypass this and our homepage is flooded with GET requests.
If i switch the rule to use a Captcha instead, then our server logs go back to normal and the DDoS is blocked by Cloudflare.
My question is, is there any way to stop the DDoS without genuine users having to use captcha everytime they stop by the site?
I tried using “threat level” scores but that seems to be ineffective.
thanks in advance to anyone who was able to help me!