Skip to main content

How to Enable and Configure Cloudflare Security on Cloudways Autonomous

Learn how Cloudflare Under Attack Mode protects your Cloudways Autonomous application from suspicious traffic and how to enable, configure, or disable it when needed.

Written by Syed Abuzar Mehdi

Cloudflare Under Attack Mode adds a temporary verification layer that helps your Autonomous application handle suspicious or potentially harmful traffic.

When enabled, Cloudflare evaluates each visitor before serving the site, reducing the chances of automated attacks or disruptive requests.

This article explains how the feature behaves on Cloudways Autonomous and guides you on when and why to use it.

Table of Contents:

What Is Cloudflare Under Attack Mode?

Cloudflare Under Attack Mode protects your application when it detects high-risk or abnormal traffic patterns, by providing an additional security layer.

Visitors may briefly see a verification page while Cloudflare confirms that the request is legitimate.

This helps prevent automated bots, DDoS attempts, or sudden traffic surges from overwhelming your site.

Default Behavior

Under Attack Mode is disabled by default to allow regular, uninterrupted access for your users. You may enable it at any time if you notice unusual activity.

How the Setting Works

You can manage Under Attack Mode at the application level from your Cloudways dashboard.

The toggle lets you activate or deactivate the protection instantly based on your current traffic conditions.

Turning it on adds a verification layer, while turning it off restores normal access.

When Turned ON

When the mode is active, Cloudflare applies extra checks to incoming traffic. Visitors may be presented with a short challenge such as a CAPTCHA. This helps ensure only valid users reach your site during periods of suspicious activity.

When Turned OFF

When disabled, visitors reach your application normally without any added checks.

How to Enable Cloudflare Under Attack Mode?

Step #1 - Open the Autonomous Applications Section:

  1. Log in to the Cloudways Platform.

  2. From the left-hand navigation menu, click Autonomous.

  3. Select My Applications.

Step #2 - Select Your Application:

  1. From the My Applications list, locate the application where you want to enable protection.

  2. Click the application to open its dashboard.

Step #3 - Go to Security and Cloudflare:

  • Inside the application dashboard Overview, click the Security from the top menu.

  • Now in the security tab, click on Cloudflare.

  • Cloudflare Under Attack Mode is disabled for now as the Custom Domain is not yet added.

  • To add your domain to Cloudways Autonomous, click here to read this knowledge base article.

Step #4 - Configure Cloudflare Security and Performance Settings:

After your domain becomes live, you can configure additional Cloudflare Enterprise settings from the Security > Cloudflare section.

These settings allow you to manage important website security, traffic protection, and performance features directly from the Cloudways Autonomous platform without requiring manual configuration in Cloudflare.

Available Cloudflare Settings:

Cloudflare Enterprise on Cloudways Autonomous includes multiple built-in security and performance features that help protect your website, manage traffic, improve reliability, and control how visitors and bots interact with your application.

Below is a brief overview of the available Cloudflare settings you can configure for your website.

1. Under Attack Mode

Under Attack Mode adds an extra layer of protection when your website is experiencing suspicious traffic, DDoS attacks, spam traffic, or excessive bot requests.

  • Visitors may see a short verification page before accessing your website.

  • Helps block malicious traffic before it reaches your server.

  • Verified search engine bots such as Googlebot and Bingbot are not affected.

  • Recommended to enable temporarily during active attacks or unusual traffic spikes.

2. Web Application Firewall (WAF)

The Web Application Firewall protects your website from common online threats and malicious requests.

It helps block:

  • SQL injection attacks

  • Cross-site scripting (XSS)

  • Malicious bots

  • Suspicious requests targeting vulnerabilities

Additional Information:

  • Uses Cloudflare’s global threat intelligence network for real-time protection.

  • Helps improve website security without requiring manual firewall rules.

  • Disabling this option only turns off Cloudflare edge protection and does not disable your server firewall.

Recommended:

Keep this enabled for better website security.

3. Rate Limiting

Rate Limiting helps prevent abuse by controlling how many requests a visitor or IP address can send within a short period.

How it works:

  • Cloudflare monitors requests in 60-second intervals.

  • When an IP exceeds the allowed request threshold, Cloudflare automatically applies security challenges or temporary restrictions.

Benefits:

  • Protects login pages and APIs from brute-force attacks.

  • Reduces server load caused by bots or excessive traffic.

  • Helps improve website stability during traffic spikes.

Note:

Verified bots, cached content, and static assets are excluded from these limits

4. Browser Integrity Check

Browser Integrity Check helps identify and block suspicious or potentially harmful visitors.

Cloudflare checks incoming requests for:

  • Missing or suspicious HTTP headers

  • Known malicious browser signatures

  • Automated spam or bot behavior

Benefits:

  • Adds an extra security layer against harmful traffic.

  • Helps reduce spam and suspicious requests.

  • Improves website protection without affecting most legitimate users.

5. AI Crawler Blocking

AI Crawler Blocking helps prevent AI companies and automated crawlers from using your website content for AI training or data collection.

Benefits:

  • Helps protect your website content from unauthorized AI scraping.

  • Reduces unnecessary crawler traffic.

  • Gives more control over how your content is accessed online.

Recommended:

Enable this option when you want to restrict AI crawlers from collecting your website data.

6. SSL Cipher

SSL Cipher controls the encryption algorithms used between your visitors and Cloudflare’s edge network.

Available Options:

Compatible

  • Supports a wider range of browsers and older devices.

  • Provides balanced security and compatibility.

  • Recommended for most websites.

Modern

  • Uses newer and stronger encryption algorithms.

  • Provides enhanced security.

  • May not support older browsers or outdated devices.

Recommended:

Use Compatible unless your website specifically requires modern-only encryption standards.

Save Your Changes

After configuring your preferred Cloudflare settings, click Save Changes to apply the updates to your website.

Note:

You must have a Live domain associated with your app to use all these CF settings in autonomous.

When Domain is Not Mapped?

You need to map your domain first before enabling Cloudflare Under Attack Mode.

How to Disable Cloudflare Under Attack Mode?

Step #1 - Open the Application Security Settings:

  1. Log in to the Cloudways Platform.

  2. From the left navigation menu, click Autonomous.

  3. Select My Applications.

  4. Click the application name where Cloudflare Under Attack Mode is currently enabled.

  5. Inside the application dashboard, click the Security tab from the top menu.

  6. From the left sidebar, click Cloudflare.

(Follow the navigation provided in ‘How to Enable Cloudflare Under Attack Mode?’ from Step #1 - Step #3)

Step #2 - Turn OFF Cloudflare Under Attack Mode:

  1. On this page, locate Cloudflare Under Attack Mode.

  2. Click the toggle switch to turn it OFF.

Step #3 - Confirm the Action:

  1. A confirmation popup will appear asking if you want to disable Cloudflare Under Attack Mode.

  2. Disabling this setting turns off enhanced filtering and may make your website more vulnerable to suspicious or high-volume traffic.

  3. Read the message in the pop up carefully to make sure your actions do not expose your website to potential attacks.

  4. Click Disable to proceed.

Step #5 - Wait for the Change to Apply:

  1. You may briefly see a status message such as “Disabling Cloudflare Under Attack Mode” while the setting is being updated.

User Controls

Cloudways allows you to toggle this setting freely so you can respond quickly to changing traffic patterns.

The system also records the timestamp of the most recent change so you can see when the feature was last updated.

When to Use Under Attack Mode

Enable this mode whenever you observe behavior that may indicate an attack or automated interference. It is best suited for short periods while you diagnose the issue.

Once normal activity resumes or if users report difficulty accessing the site, you can turn it off.

Refer to the following points to determine when to use under attack mode:

● Sudden spikes in suspicious traffic

● Possible DDoS activity

● Automated bot visits affecting performance or analytics

● Disable it once traffic normalizes or real users report access issues

Final Thoughts

Cloudflare Under Attack Mode is a practical tool for managing unusual or harmful traffic.

With simple controls in the Cloudways Platform, you can activate it quickly, monitor changes, and disable it once conditions stabilize.

It provides targeted protection without requiring technical expertise and helps maintain your application's stability during suspicious traffic events.

That’s it! We hope this article was helpful.

Need Help?

If you need assistance, feel free to:

We're here 24/7 to help you!

Did this answer your question?