Set i360 like "I'm under attack" mode

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • imorandin
    Junior Member
    Forum Explorer
    • Jul 2017
    • 22
    #1

    Set i360 like "I'm under attack" mode

    Hi,

    Can Imunify360 force the splashscreen/captcha for all visitors (like Cloudflare’s I’m Under Attack) during an active web DDoS? If yes, how? If not, is there an advised workaround (config snippet, UI/API call) to temporarily force splashscreen for 0.0.0.0/0 and then revert back? Any gotchas?

    Thanks!

    Ignacio
    Tags: None
      👍 1
    • akots
      Administrator
      • Mar 2023
      • 108
      #2
      Hi,

      Imunify360 does not include native DDoS mitigation, its firewall and WAF are designed to protect against web-application-level threats (such as malicious requests, brute-force attacks, and exploits), but not high-volume traffic floods.

      SplashScreen feature is designed primarily for per-IP behavior blocking. It is automatically triggered by Imunify360 when certain conditions are met (e.g., reputation-based blocking, excessive requests, or WAF triggers), but it cannot be manually enabled for everyone.

      Sorry to say, but as of now, there is no supported way to apply SplashScreen globally through the Imunify360 interface or API. Attempting to block 0.0.0.0/0 manually would effectively lock out legitimate users and disrupt normal web access.​

      Since Imunify360 doesn’t mitigate volumetric or distributed network-layer attacks, we recommend using external DDoS protection in combination with Imunify360:
      • Cloudflare “I’m Under Attack” mode filters malicious traffic at the edge and challenges suspicious requests before they reach your server: Cloudflare DDoS Protection Overview
      • Hosting provider’s DDoS protection (most data centers (OVH, Hetzner, AWS, etc.) provide L3/L4 filtering on demand or by default).
      • Enterprise edge services such as Sucuri, Imperva, or Akamai, if advanced traffic profiling or CDN integration is required.

        Comment

        • imorandin
          Junior Member
          Forum Explorer
          • Jul 2017
          • 22
          #3
          Hi Akos,

          Thanks for your help.

          I found a way to achieve the desired behaviour. I added the entire internet to the Graylist (formerly “Captcha” mode) by running the following two commands (since ipset doesn’t support 0.0.0.0/0):

          Code:
          imunify360-agent ip-list local add --purpose captcha 0.0.0.0/1
imunify360-agent ip-list local add --purpose captcha 128.0.0.0/1
          This ensures that every request is forced through the splash screen.

          To remove it, simply run:

          HTML Code:
          imunify360-agent ip-list local delete --purpose captcha 0.0.0.0/1
imunify360-agent ip-list local delete --purpose captcha 128.0.0.0/1


          Regards,
          Ignacio

            Comment

            Previous template Next
            Working...

            We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

            By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

            I Agree