How do I setup an interstitial page so when new users access my website they must pass that page first.
I’ve seen lots of forums using it. It’s like the page you see when you have ‘I’m Under Attack’ activated.
That sounds exactly like the Under Attack page. You can do this with a Page Rule: Match the Page Url, then set Security Level to Under Attack.
1 Like
You’ll need to upgrade to Pro plan to have the custom I’m Under Attack Mode Challenge page.
1 Like
Thanks. With under attack mode ON that page will randomly pop-up during inconvenient times like when you go to post a thread, and then your thread will be deleted.
So is there a way to make it only happen, lets say, once per unique user until they clear their cache. Or once per unique user daily, hourly etc…? Or is there no custom rules like that for under attack mode?
Thanks but I’m not after a custom under attack mode page, just the basic one.
I don’t think we have much control over how long a user stays validated after making it through Under Attack mode.
What problem are you trying to solve with this?
1 Like
This problem.
I’d like my site to be protected but I also don’t want to be interrupted when I go to post a thread of comment and instead get redirected to JS Challenge screen and then back to the previous page with everything I wrote deleted. At the moment it seems the JS Challenge screen will come back again every 20-30 minutes while browsing the site but I’d prefer the JS Challenge to happen once when initially visiting the site, and then again if the users cache is cleared or whatever.
I found this but I don’t know if it’ll work as I plan. I don’t know if it even accepts wildcards but basically I hope when you’re making a post (www.url.com/posting.php) the JS Challenge page won’t come up, but it can freely come up every where else?
If that doesn’t work, you can set your site’s Security Level to Under Attack in Firewall -> Settings, then add a Page Rule to Match the posting.php URL and give it a Security Level setting of High.
Your site is already generally protected, and as as a user, I avoid sites that constantly force me through the Under Attack interstitial. Even the setting states: “Should only be used if your website is under a DDoS attack”.
1 Like
Understand that, it is annoying to see but at the same time makes me feel protected 
. Alright I’ll give both methods a try and if worse comes to worse I’ll just turn it off, or set it high/medium at least.
Thanks again for your help!
1 Like
Never mind, this is almost exactly what I wanted.
Instead of 30 minutes I’ll set it to like 4 hours or something less intrusive. I’ll still try adding a page rule to stop any interruptions to posting 
EDIT: Also a little miffed as to why I need to use preset intervals and I can’t just write my own interval in seconds into that box haha
I totally missed that setting right below the setting I just told you about. The API doesn’t look like it adds any more flexibility on it, as its Valid Values match the dropdown menu in the dashboard. I suppose you could try other values and see if it rejects them.
https://api.cloudflare.com/#zone-settings-change-challenge-ttl-setting
1 Like
It took me a while to notice it also 
no worries. I’ll check that out!
1 Like
This topic was automatically closed after 30 days. New replies are no longer allowed.