We had many IP requests on Friday so decided to turn on “under attack mode”. This resulted in no one being able to purchase anything on our website. under attack, mode blocked out payment methods. Fixed it as soon as we turned on the “under attack” mode. Does anyone know why that happened or how to stop that from happening next time?
Under attack mode is a blunt tool and will challenge all visitors to the site that are not allowed by other rules. It is a swift way of keeping a site up when an attack starts but may have unintended consequences.
allowlist them using WAF custom rules, IP Access rules or a Configuration Rule to set the security level differently for specific requests.
If under attack, then you can follow this guide to tune your rules better…