Setting Up the DDoS Mitigation Service

Created at:

You can find the DDoS settings under your site settings page in the WAF section. The DDoS mitigation rule has three basic modes:

  • Off: All DDoS mitigation rules will be disabled
  • On: DDoS mitigation rules will be enabled
  • Automatic (recommended): DDoS mitigation rules will automatically kick-in only when the site is under DDoS

The recommended mode for the DDoS rule is Automatic. This allows users to make sure DDoS attacks are mitigated instantly as soon as a DDoS attack starts while minimizing impact on the normal web site behaviour. This is recommended since we have learned that not all users are aware of all legitimate bots that access their web site and enabling the DDoS rules might cause those bots to be blocked if whitelist rules are not setup in advance.
If the DDoS mode is set to Automatic, Incapsula will enable the DDoS rules only when the traffic to the site exceeds a certain threshold. This threshold is set by default to 1000 requests per second and can be modified in the Advanced DDoS Settings (see below).

Advanced DDoS Settings:

The advanced DDoS settings can be accessed by clicking on Advanced Settings in the DDoS rule settings. Three types of advanced settings are available:

  • Filtering level: This sets the level of filtering to be used by the DDoS rule. Suspected DDoS bots can be filtered according to the following criteria: No Challenge, Cookie support, Javascript support, Human Interaction (Captcha).
  • Request rate threshold: This allows users to modify the threshold from which Incapsula enables the DDoS rules under Automatic mode.
  • Handling non essential bots: Incapsula DDoS rules are configured with predefined whitelists for the major search engines and automated site tools (such as Pingdom). Those bots will not be blocked even when DDoS rules are enabled. However, most sites are accessed regularly by many types of bots ranging from less known search engines to custom home-grown tools. Under the default settings those bots will not be blocked however, in some cases DDoS bots will try to disguise themselves as those bots and attempt to bypass the DDoS rules. By checking this option users can decide to block any bot that is not part of the predefined whitelist.

For additional inofmration, see also: DDoS Mitigation Service

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


  • Avatar


    This threshold is set by default to 500 requests per second
    Now, I think this default setting is 1000 requests per second in the Advanced DDoS Settings.
    Please let me know correct default setting.

  • Avatar

    Hi, there is a typo on the last line:

    "For additional inofmration, see also: DDoS Mitigation Service"

Powered by Zendesk