I want to ask about - i'am under atack - mode


like you know i’am under atack - is a verry good service to protect your websites .
i want to know if there is an other service like this service where the visitor d’ont need to wait 5 secodes . the page appears directly without wating 5 secondes with full protection as i chose the under atack mode


Those five seconds are when Cloudflare detects user behavior and decides what to do.

You can change the length the user will be let in after first being allowed in the settings, but removing that page is not possible while keeping the firewall level to the maximum.

You could lower the level by one, trading some possible traffic passing through for less user wait.


If an user in my website use our Api
when it make a post request to my api with get_file_contents.
it appears to him the five seconds of cloudflare , and after this 5 seconds my website will say to him
Api error ! i think you understund why , because this under atack mode kill the first post request perhaps it work finely with get request .
Do you have a solution for this problem ?


Set a page rule for that path and change the security level of that part of your website.


In my website i use security livel : medium and all its ok
the problem is my website will be down because my very active api so i have created a page rule to my api with unnder atack mode and my website work good .
But i have another problem like i have said to you . i have 2 solution .
1- find another mode like under atack without waiting 5 seconds page appears drectly .
2 - or find solution to the post requests : example :
your api is : site.com/api=xxx
and you want to make this simple post form :

look this picture : gRY2ZoO

you can’t in first request and the visitor d’ont know that. he will leave my website


Cloudflare’s IUAM is checking to make sure the visitor is running a legit webserver with javascript. That won’t work for an API. For protecting an API a combination of the WAF (to block malicious requests), possibly caching API responses for non-user specific API responses and finally Cloudflare’s Rate Limiting to block malicious or abusive users are probably the approaches I would recommend.


if your website is down because your servers cant handle the api requests your solution is to solve this problem by find out why your api is so heavy on your servers or adding more servers to the stack, but you should not active IUAM just to reduce the load on your api from legal requests


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.