Pros/Cons - Always "I am Under Attack" Mode


#1

I have seen a lot of websites using “I am Under Attack” mode to screen all of their web traffic over the last few months.

Comment on the Pros/Cons if you used this setup.

  1. I am focused on ad networks, were they able to crawl your site effectively?
  2. Did you notice a drop in Google rankings?
  3. Did you notice any differences in average session time, pages/visit, bounce rate?

Thank you


#2

I only use it for my login page. If I were a visitor and got hit with that often enough for a site, I’d stop visiting. It’s not user-friendly. I could go on…but why are you considering implementing it site-wide? Isn’t “High Security” setting enough?


#3

It is not user friendly but the best bot protection cloudflare has to offer besides the challenge mode which is worst.


#4

Why would you be challenge or go thru the bot protection if your IP should be in the white list of approved addresses if not you should configure it to avoid any visitors getting challenge unnecessarily by having such hide setting “Im under Attack” mode; I will keep in mind what @sdayman said about using it for login or other secure areas you have access to but not site-wide unless you have some heavy competition after you :slight_smile: it; just a thought don’t even know if is relevant to your scenario but I will check this two areas IN THE SCREENSHOTS from a curious reader like me and see if this helps instead of going to “I am under attack” mode; I agree visitors will not want to be presented with barriers when visiting a site unless there have other intentions and that’s when the extra security comes in. Glad to read about this topic in reference to ads since that’s the route Im heading and seeing the restrictions and issues related to advance settings and ads rerouting which is one of my concerns in such a secure environment even thou I don’t have a webiste yet only a domain name with no CPANEL and wix and wordpress are requiring using paid domains not your own so Im sticking to the alternatives outside the secured environment for now but I wish you resolve your concern with this suggestions and I will continue learning from the PRO’S. Thank you!!:wink::wink:

From your questions I will say:

I am focused on ad networks, were they able to crawl your site effectively?

> THERE MIGHT BE ISSUES AND HTTP REWRITES MIGHT BE NEEDED BUT i MUST SAY THAT I DON’T THINK FROM LOGIC THAT IT WILL AFFECT YOUR GOOGLE RANKINGS BUT WILL OR MIGHT SEE DIFERENCES IN SESSION TIME AND BOUNCE RATES BUT YOU WILL ONLY KNOW IF YOU TEST THEM…

Did you notice a drop in Google rankings? I DONT THINK SO
Did you notice any differences in average session time, pages/visit, bounce rate? MAYBE


#5

Thank you both for your replies.

I have to do something and working with what Cloudflare has to offer, this the current solution that works for me. I have seen many websites implementing the same “Javascript Challenge” methods and that number is increasing steadily.

Google, DFP, and Ad Networks should implement some of these measures but they refuse, making it the issue and cost of the publishers instead. Something that the publishers cannot stop effectively and many publishers do not have the funds to higher bigger less intrusive methods.

I have been using the following methods for a little while now.
Default Security Level: High
Pagerule: domain.com/* “I am under attack” mode (It just works better for some reason like this)
Challenge Passage set low to 15 minutes

I noticed an immediate drop in server requests. More “direct” source traffic in analytics because of the JS Challenge script. Bounce rates are returning to normal.

I was hoping to get some of those webmasters already using this method to speak out.


#6

Hope everything gets resolve soon thanks for sharing the information so the cloudflare community can look into it…