How to turn off "under attack mode" for site?

I had my site placed on “under attack” mode. I tried to disable it completely but the page shows a red banner below with regards to “enterprise”.

The 'under attack mode" needs to be turned off completely as we have a repository in a specific file inside the site’s directory and the captcha is blocking access to the files. Do I need to upgrade in order to do this?

Thank you

Post a screenshot of as well as a screenshot of the page you are referring to.

Thank you,

The blocked access is to a folder within the site’s files and does not have an actual “page”.

Below is what I received:
"Your RePEc archive at Index of /RePEc/new is protected by a Captcha. This prevents our automated process from mirroring your data.

You must disable the Captcha (or anything that relies on Javascript) for the RePEc archive for us to be able to continue to include your content in RePEc services."

That is not the page I posted.

1 Like

Kindly, check below screenshots and navigate to the same screens, reply back to us with which settings you’ve got selected for particular options:

  1. Dashboard - Overview tab:
  • on the right site you’ll see “Under attack mode” option to enable/disable (gray - disabled, green - enabled)
  1. Security → Settings tab:
  • from the dropdown menu, in the above example we see “Medium”, you might have something different?
  1. Page Rules tab:
  • in above example, currently no custom Page Rules used (in case if someone might set something different for some particular URLs)

From your posted screenshot, if those “blocked/challenged” requests come from your origin host/server IP, then I’d suggest you to allowlist it by adding your server IP to the Security → Tools → IP Access Rules with the action “allow” for your Website.

You still have the mode enabled and need to disable it. You can set it to Off (as the message suggests), but you can lower it to “Medium” for example.

1 Like

Below is the screenshot you requested:

Below is a current screenshot to my dashboard:

Does this mean that the captcha is now off/disabled completely?

The JavaScript challenge won’t be shown to every client any more.

I have no page rules enabled. Should I?

That’s a separate question and should be handled in a different thread.

Ok, I get that it won’t be shown on the website, but will the files still be accessible?

Of course, Cloudflare will proxy everything and apply security measures only according to your security level.

So my current security levels shown in the screenshots I provided will not proxy folders or will?

Whether something is proxied or not does not depend on the security level.

Your issue was that you issued a JavaScript challenge to each client. By changing the security level, that should not happen for each client any more.

I’d strongly recommend to check out

Thanks for your help

I was directed to “pause” Cloudflare service by Dreamhost. Will pausing the site on Cloudflare prevent the captcha/js issue? Dreamhost could not answer and asked for Cloudflare assistance on this.
Please clarify
thank you

That will pause Cloudflare and yes, as Cloudflare won’t be proxying your site any more, there won’t be challenges either.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.