Merged
24 changes: 11 additions & 13 deletions src/content/docs/fundamentals/reference/under-attack-mode.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -2,31 +2,29 @@
pcx_content_type: reference
source: https://support.cloudflare.com/hc/en-us/articles/200170076-Understanding-Cloudflare-Under-Attack-mode-advanced-DDOS-protection-
title: Under Attack mode

---

import { Example } from "~/components"

Cloudflare's **I'm Under Attack Mode** performs additional security checks to help mitigate layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. It is designed to be used as one of the last resorts when a zone is under attack (and will temporarily pause access to your site and impact your site analytics).
Cloudflare's Under Attack mode performs additional security checks to help mitigate layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. It is designed to be used as one of the last resorts when a zone is under attack (and will temporarily pause access to your site and impact your site analytics).

When enabled, visitors receive an interstitial page.

## Enable Under Attack mode
## Turn on Under Attack mode

**I'm Under Attack Mode** is disabled by default for your zone.
Under Attack mode is turned off by default for your zone.

### Globally

To put your entire zone in **I'm Under Attack Mode**:
To put your entire zone in Under Attack mode:

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Select your account and zone.
3. Go to **Security** > **Settings**.
4. For **Security Level**, choose **I'm Under Attack!**.
3. In the zone overview page, turn on **Under Attack Mode** in the **Quick Actions** sidebar.

### Selectively

To enable **I'm Under Attack Mode** for specific pages or sections of your site, use a [Configuration Rule](/rules/configuration-rules/) to adjust the **Security Level**.
To enable Under Attack mode for specific pages or sections of your site, use a [configuration rule](/rules/configuration-rules/) to adjust the **Security Level**.

<Example>

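Review bot: The "Selectively" paragraph still opens with "To enable Under Attack mode" while the heading and the default-state sentence in this hunk moved to "Turn on" and "turned off"; reword it to "To turn on Under Attack mode for specific pages or sections of your site" so the section uses one verb. The new step 3 of "Globally" no longer mentions **Security Level**, yet "Selectively" tells the reader to adjust **Security Level** in a configuration rule, so a short sentence tying the Quick Actions toggle to that setting would help. The unchanged `import { Example } from "~/components"` also lacks the trailing semicolon that this PR adds to the imports in the DCV troubleshooting and Facebook sharing files.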
Expand All @@ -48,21 +46,21 @@ If you are using the Expression Editor, enter the following expression:<br/>

To turn it on for specific ASNs (hosts/ISPs that own IP addresses), countries, or IP ranges, use [IP Access Rules](/waf/tools/ip-access-rules/).

***
---

## Preview Under Attack mode

To preview what **I'm Under Attack** mode looks like for your visitors:
To preview what Under Attack mode looks like for your visitors:

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Select your account.
3. Go to **Manage Account** > **Configurations**.
4. Go to **Custom Pages**.
5. For **Managed Challenge / I'm Under Attack Mode™**, select **Custom Pages** > **View default**.

The "Checking your browser before accessing..." challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [**Challenge Passage**](/waf/tools/challenge-passage/).
The `Checking your browser before accessing...` challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [Challenge Passage](/waf/tools/challenge-passage/).

***
---

## Potential issues

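Review bot: Step 1 of the preview procedure still reads "Log into the [Cloudflare dashboard]" although the "Globally" procedure earlier in this file was corrected to "Log in to"; apply the same fix here. Step 5 keeps the label **Managed Challenge / I'm Under Attack Mode™**; confirm that this matches the dashboard text, otherwise rename it along with the rest of the page.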
4 changes: 2 additions & 2 deletions src/content/docs/rules/configuration-rules/create-api.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,9 @@ https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id} \

</Details>

<Details header="Example: Add a rule that turns on I'm Under Attack mode for the admin area">
<Details header="Example: Add a rule that turns on Under Attack mode for the admin area">

The following example sets the rules of an existing phase ruleset (`{ruleset_id}`) to a single configuration rule — turning on I'm Under Attack mode for the administration area — using the [Update a zone ruleset](/api/resources/rulesets/methods/update/) operation:
The following example sets the rules of an existing phase ruleset (`{ruleset_id}`) to a single configuration rule — turning on Under Attack mode for the administration area — using the [Update a zone ruleset](/api/resources/rulesets/methods/update/) operation:

```bash title="Request"
curl --request PUT \
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,9 @@ sidebar:
head:
- tag: title
content: Troubleshooting Domain Control Validation

---

import { GlossaryTooltip, Render } from "~/components"
import { GlossaryTooltip, Render } from "~/components";

Taking into account the [steps involved in DCV](/ssl/edge-certificates/changing-dcv-method/dcv-flow/), some situations may interfere with certificate issuance and renewal.

Expand All @@ -24,12 +23,14 @@ If you are using the Cloudflare API, error messages are presented under the `val

If you have issues while HTTP DCV is in place, review the following settings:

* **Anything affecting `/.well-known/*`**: Review [WAF custom rules](/waf/custom-rules/), [IP Access Rules](/waf/tools/ip-access-rules/), and other [configuration rules](/rules/configuration-rules/) to make sure that your rules *do not* enable interactive challenge on the validation URL.
- **Anything affecting `/.well-known/*`**: Review [WAF custom rules](/waf/custom-rules/), [IP Access Rules](/waf/tools/ip-access-rules/), and other [configuration rules](/rules/configuration-rules/) to make sure that your rules _do not_ enable interactive challenge on the validation URL.

* **Cloudflare Account Settings** and **Page Rules**: Review your [account settings](/fundamentals/reference/under-attack-mode/), [Configuration Rules](/rules/configuration-rules/), and [Page Rules](/rules/page-rules/) to ensure you have not enabled **I'm Under Attack Mode** on the validation URL.
- **Cloudflare Account Settings** and **Page Rules**: Review your [account settings](/fundamentals/reference/under-attack-mode/), [Configuration Rules](/rules/configuration-rules/), and [Page Rules](/rules/page-rules/) to ensure you have not enabled Under Attack mode on the validation URL.

:::caution
<Render file="dcv-path-security" />

<Render file="dcv-path-security" />

:::

## Redirection
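Review bot: The second bullet is labelled **Cloudflare Account Settings** and links "[account settings]" to the Under Attack mode page, but the page updated in this PR describes the mode as a per-zone toggle ("turned off by default for your zone", zone overview page); call it a zone setting here so readers look in the right place when a challenge is blocking `/.well-known/*`. The same bullet keeps "[Configuration Rules]" capitalized, while the bullet above and the Under Attack page use lowercase "configuration rules"; lowercase it for consistency.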
Expand All @@ -44,14 +45,14 @@ When using [Redirect Rules](/rules/url-forwarding/single-redirects/) the `/.well

The errors below refer to situations that have to be addressed at the authoritative DNS provider:

* `the Certificate Authority had trouble performing a DNS lookup: dns problem: looking up caa for nsheiapp.codeacloud.com: dnssec: bogus`
* `Certificate authority encountered a SERVFAIL during DNS lookup, please check your DNS reachability.`
- `the Certificate Authority had trouble performing a DNS lookup: dns problem: looking up caa for nsheiapp.codeacloud.com: dnssec: bogus`
- `Certificate authority encountered a SERVFAIL during DNS lookup, please check your DNS reachability.`

Consider the following when troubleshooting:

* [DNSSEC](https://www.cloudflare.com/learning/dns/dns-security/) must be configured correctly. You can use [DNSViz](https://dnsviz.net/) to understand and troubleshoot the deployment of DNSSEC.
* Your [CAA records](/ssl/edge-certificates/caa-records/) should allow Cloudflare's partner [certificate authorities (CAs)](/ssl/reference/certificate-authorities/) to issue certificates on your behalf.
* The HTTP verification process is done preferably over **IPv6**, so if any `AAAA` record exists and does not point to the same dual-stack location as the `A` record, the validation will fail.
- [DNSSEC](https://www.cloudflare.com/learning/dns/dns-security/) must be configured correctly. You can use [DNSViz](https://dnsviz.net/) to understand and troubleshoot the deployment of DNSSEC.
- Your [CAA records](/ssl/edge-certificates/caa-records/) should allow Cloudflare's partner [certificate authorities (CAs)](/ssl/reference/certificate-authorities/) to issue certificates on your behalf.
- The HTTP verification process is done preferably over **IPv6**, so if any `AAAA` record exists and does not point to the same dual-stack location as the `A` record, the validation will fail.

## CA errors

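Review bot: The first sample error in the bulleted list still embeds what looks like a real hostname, `nsheiapp.codeacloud.com`. Since these lines are being touched anyway, replace it with a reserved documentation name such as `app.example.com` so the docs do not publish a third party's hostname together with its DNSSEC failure.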
4 changes: 2 additions & 2 deletions src/content/docs/terraform/tutorial/add-page-rules.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,7 @@ cloudflare_page_rule.increase-security-on-expensive-page: Creation complete afte
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
```

With the Page Rules in place, try that call again, along with a test for the I'm Under Attack mode:
With the Page Rules in place, try that call again, along with a test for the Under Attack mode:

```sh
curl -vso /dev/null https://www.example.com/old-location.php 2>&1 | grep "< HTTP\|Location"
Expand All @@ -255,4 +255,4 @@ curl -vso /dev/null https://www.example.com/expensive-db-call 2>&1 | grep "< HTT
< HTTP/1.1 503 Service Temporarily Unavailable
```

The call works as expected. In the first case, the Cloudflare global network responds with a `301` redirecting the browser to the new location. In the second case, the Cloudflare global network initially responds with a `503`, which is consistent with the I'm Under Attack mode.
The call works as expected. In the first case, the Cloudflare global network responds with a `301` redirecting the browser to the new location. In the second case, the Cloudflare global network initially responds with a `503`, which is consistent with the Under Attack mode.
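Review bot: Both renamed sentences in this file ("a test for the Under Attack mode" and "consistent with the Under Attack mode") keep the definite article that belonged to the old product name; the other pages in this PR write "Under Attack mode" without "the", so drop it in both places. The closing paragraph also infers the mode from the `503` status line alone; consider noting that the response body is the interstitial challenge page, so readers do not confuse it with an origin 503.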
11 changes: 5 additions & 6 deletions src/content/docs/waf/tools/ip-access-rules/actions.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,16 @@ sidebar:
head:
- tag: title
content: IP Access rules actions

---

An IP Access rule can perform one of the following actions:

* **Block**: Prevents a visitor from visiting your site.
- **Block**: Prevents a visitor from visiting your site.

* **Allow**: Excludes visitors from all security checks, including [Browser Integrity Check](/waf/tools/browser-integrity-check/), [I'm Under Attack Mode](/fundamentals/reference/under-attack-mode/), and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare's default security features. The *Allow* action takes precedence over the *Block* action. Note that allowing a given country code will not bypass WAF managed rules (previous and new versions).
- **Allow**: Excludes visitors from all security checks, including [Browser Integrity Check](/waf/tools/browser-integrity-check/), [Under Attack mode](/fundamentals/reference/under-attack-mode/), and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare's default security features. The _Allow_ action takes precedence over the _Block_ action. Note that allowing a given country code will not bypass WAF managed rules (previous and new versions).

* **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare challenges](/waf/reference/cloudflare-challenges/#managed-challenge-recommended).
- **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare challenges](/waf/reference/cloudflare-challenges/#managed-challenge-recommended).

* **JavaScript Challenge**: Presents the [I'm Under Attack Mode](/fundamentals/reference/under-attack-mode/) interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors.
- **JavaScript Challenge**: Presents the [Under Attack mode](/fundamentals/reference/under-attack-mode/) interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors.

* **Interactive Challenge**: Requires the visitor to complete an interactive challenge before visiting your site. Prevents bots from accessing the site.
- **Interactive Challenge**: Requires the visitor to complete an interactive challenge before visiting your site. Prevents bots from accessing the site.
17 changes: 8 additions & 9 deletions src/content/docs/waf/troubleshooting/facebook-sharing.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,26 +4,25 @@ source: https://support.cloudflare.com/hc/en-us/articles/217720788-Troubleshooti
title: Issues sharing to Facebook
sidebar:
order: 2

---

import { GlossaryTooltip } from "~/components"
import { GlossaryTooltip } from "~/components";

Cloudflare does not block or challenge requests from Facebook by default. However, a post of a website to Facebook returns an *Attention Required* error in the following situations:
Cloudflare does not block or challenge requests from Facebook by default. However, a post of a website to Facebook returns an _Attention Required_ error in the following situations:

* You have globally set the [security level](/waf/tools/security-level/) to *I'm Under Attack*.
* There is a [configuration rule](/rules/configuration-rules/) or [page rule](/rules/page-rules/) setting the security level to *I'm Under Attack*.
* There is a [custom rule](/waf/custom-rules/) with a challenge or block action that includes a Facebook IP address.
- You have globally set the [security level](/waf/tools/security-level/) to _I'm Under Attack_.
- There is a [configuration rule](/rules/configuration-rules/) or [page rule](/rules/page-rules/) setting turning on Under Attack mode.
- There is a [custom rule](/waf/custom-rules/) with a challenge or block action that includes a Facebook IP address.

A country challenge can block a Facebook IP address. Facebook is known to crawl from both the US and Ireland.

## Resolution

To resolve issues sharing to Facebook, do one of the following:

* Remove the corresponding IP, ASN, or country custom rule that challenges or blocks Facebook IPs.
* Create a [skip rule](/waf/custom-rules/skip/) for <GlossaryTooltip term="autonomous system numbers (ASNs)">ASNs</GlossaryTooltip> `AS32934` and `AS63293` (use the *Skip* action and configure the rule to skip **Security Level**).
* Review existing configuration rules and Page Rules and make sure they are not affecting requests from Facebook IPs.
- Remove the corresponding IP, ASN, or country custom rule that challenges or blocks Facebook IPs.
- Create a [skip rule](/waf/custom-rules/skip/) for <GlossaryTooltip term="autonomous system numbers (ASNs)">ASNs</GlossaryTooltip> `AS32934` and `AS63293` (use the _Skip_ action and configure the rule to skip **Security Level**).
- Review existing configuration rules and Page Rules and make sure they are not affecting requests from Facebook IPs.

If you experience issues with Facebook sharing, you can re-scrape pages via the **Fetch New Scrape Information** option on Facebook's Object Debugger. Facebook [provides an API](https://developers.facebook.com/docs/sharing/opengraph/using-objects) to help update a large number of resources.

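Review bot: The rewritten second bullet reads "or [page rule] setting turning on Under Attack mode", which leaves a stray "setting"; change it to "There is a configuration rule or page rule turning on Under Attack mode." The first bullet keeps the value _I'm Under Attack_ for the security level, whereas the security level partial in this PR spells the option _I'm Under Attack!_; use the same spelling in both.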
4 changes: 2 additions & 2 deletions src/content/partials/waf/security-level-scores.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ The available security levels are the following:

Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.

Security levels from _Essentially off_ to _High_ will challenge the visitor using a Managed Challenge. When you select _I'm Under Attack!_, which enables [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
Security levels from _Essentially off_ to _High_ will challenge the visitor using a Managed Challenge. When you select _I'm Under Attack!_, which enables [Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.

:::caution

Only use [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/) when a website is under a DDoS attack. I'm Under Attack mode may affect some actions on your domain, such as your API traffic.
Only use [Under Attack mode](/fundamentals/reference/under-attack-mode/) when a website is under a DDoS attack. Under Attack mode may affect some actions on your domain, such as your API traffic.

To set a custom security level for your API or any other part of your domain, create a [configuration rule](/rules/configuration-rules/).
:::
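Review bot: The sentence "When you select _I'm Under Attack!_, which enables Under Attack mode" still describes choosing a **Security Level** value, but the Under Attack mode page in this PR drops the "For **Security Level**, choose **I'm Under Attack!**" step in favour of the Quick Actions toggle. State here whether the option is still selectable as a security level or point readers to the toggle, so the two pages do not contradict each other. The closing `:::` of the caution block also follows the last paragraph without a blank line, unlike the caution block reformatted in the DCV troubleshooting file.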