Cloudflare’s I’m Under Attack Mode performs additional security checks to help mitigate layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. It is designed to be used as one of the last resorts when a zone is under attack (and will temporarily pause access to your site and impact your site analytics).
When enabled, visitors receive an interstitial page.
I’m Under Attack Mode is disabled by default for your zone.
To put your entire zone in I’m Under Attack Mode:
To enable I’m Under Attack Mode for specific pages or sections of your site, use a Configuration Rule to adjust the Security Level.
When incoming requests match
/adminIf you are using the Expression Editor, enter the following expression:
(starts_with(http.request.uri.path, "/admin"))
Then the settings are
To turn it on for specific ASNs (hosts/ISPs that own IP addresses), countries, or IP ranges, use IP Access Rules.
To preview what I’m Under Attack mode looks like for your visitors:
The “Checking your browser before accessing…” challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in Challenge Passage.
Since the Under Attack mode requires your browser to support JavaScript to display and pass the interstitial page, it is expected to observe impact on third party analytics tools.