How much time I can use "Under Attack" mode? Is there a time limit?


I’m a lone developer that wants his website (a small online game) protected from unknown connections via WebSocket to the game server (I have free account in Cloudflare).

I enabled “Under Attack” mode, and it solved my problem. I don’t need authentication, CORS, or anything else for the users (it’s an open source project, no business here).

How much time “Under Attack” mode can be enabled, for security purposes and of course avoiding DDoS attacks? Can I use it for 1 month? 6 months? 1 year?

Thank you,

You can leave it on forever :slight_smile:


In addition, expect fewer visitors, possible issues with crawling/indexing your website from search engines and possible issues with requests made to WSS (debug/errors in the console due to IUAM protection service being enabled) if so.


Note that Cloudflare won’t mitigate WebSocket attacks. If somebody establishes a connection, Cloudflare will act as a transparent proxy.

To mitigate any WebSocket attack, you will have to block the attack somehow before the connection is established.


Thank you guys! It’s really amazing that we have solutions like Cloudflare for free in our world, to make the internet better and safer for everyone.

If someone wants to see the project, here’s a link:

Thank you! :slight_smile:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.