Almost all traffic is with threat_score = 0; only less than 1% is above threat_score > 1,
and I am under attack.

Thank you for this tutorial. I have this setting OK; the only strange thing is that all threat_score values in the firewall equal 0. I cannot deactivate Under Attack Mode because all the hackers' traffic starts going to my server.

Hey @beehivemonitoring,

It might take a while until the threat_score has been updated. We calculate it based on data from Project HoneyPot and on internal threat intelligence from what we see being blocked by our WAF or DDoS mitigation.

Under Attack Mode is basically serving a JS Challenge to all of your proxied traffic (independent of the threat score). So if you want to narrow down the scope of traffic that gets served a JS Challenge, you can use Firewall Rules and serve a Challenge (CAPTCHA or JS Challenge) only for certain URLs, hostnames, regions, etc.

