InfoWhen WAAP is in Monitoring mode, DDoS attacks are still detected and DDoS mode is activated. However, no protection is enforced — traffic is passed to the origin as normal. DDoS events are recorded in analytics and marked as DDoS traffic.To enable active DDoS protection, switch your domain to Protection mode.
When DDoS mode is activated
DDoS mode is activated if any of the following conditions are met.InfoYou can adjust the threshold values for all WAAP plans. Contact our support team for assistance.
What happens when DDoS mode is activated
- Every request is challenged with JavaScript validation. This challenge detects if a valid user and not an automated tool is making the request. If a user passes the validation, they will not be challenged on future requests.
- DDoS mode will be active for a minimum duration of 10 minutes and then for the duration of the attack.
- Any automated layer traffic is blocked. This action won’t be applied to large search engines, such as Google or Bing.
- WAAP’s bot-detection technology will block bots that share IP addresses with human users or frequently change their IP addresses.
- WAAP DDoS protection uses an AI-driven IP filtering profiler that analyzes daily traffic patterns from known users. This helps the system distinguish normal traffic from traffic that might be part of a DDoS attack.