The explosive surge in online hacks and attacks has forced may sites to seek out ways to mitigate such threats. Cloudflare’s Firewall is an indispensable tool to protect sites or specific assets within sites from online threats, specifically the automated threats known as bots that relentlessly scan sites for vulnerabilities and exploits. The JS Challenge option is one of the firewall settings that helps distinguish threat bots from humans, blocking the former, while allowing in the latter.Â
JS Challenge does have some drawbacks, however. For one, it requires JavaScript support and also the few seconds of verification wait time can be annoying to some visitors. Therefore, it's best to use the challenge facility judiciously and only for the most valuable or most targeted parts of a web site.Â
There are times however that large networks of bots, for one reason or another, target a site and hammer it relentlessly which leads to the dreaded DDoS condition. That's when a site in knocked offline and visitors can't reach the site until the attack is terminated.
At one time, battling DDoS was a stressful and mostly futile attempt. But now Cloudflare customers have the Under Attack Mode switch, right on the home page of each zone. Activating that feature immediately arms the entire web site with JS Challenge, repelling the attacking bots while allowing legitimate visitors to still reach the site, after they've been verified.
Sometimes the attacking bots target more than one site belonging to an organization and what Cloudflare doesn't have (at least as of this writing) is the means to activate Under Attack Mode for multiple or all sites within an account in one fell swoop. The site administrator needs to visit each zone individually and turn on Under Attack Mode. Then when the attack finishes, the administrator needs to do the reverse, also individually for each zone. For a long list of zones, that can get quite time consuming, especially if the protection needs to be turned on and off multiple times as the attack waves wax and wane.Â
Thankfully, Cloudflare comes with a robust API library and I've written a simple Python script to help with that. See the comment section at the top of the script on how to use it. Then when the attack arrives, you won't even have to visit Cloudflare's site. Just run the script to activate JS Challenge for one, a few, or all your sites. And when the attack ends, run the script again to turn off the protection and return your sites back to normal operation.Â