DDoS
DDoS Protection on VergeCloud
VergeCloud’s DDoS protection ensures that your website remains secure from malicious traffic while maintaining a seamless experience for legitimate users. With advanced filtering at multiple layers, customizable options, and user-friendly challenge mechanisms, this protection is built to safeguard your infrastructure with minimal disruption.
Overview
VergeCloud’s system defends against Distributed Denial of Service (DDoS) attacks by:
Filtering malicious traffic using Layer 3, 4, and 7 mechanisms
Offering configurable challenge modes (e.g., Captcha, JS Challenge)
Allowing route- or IP-based exclusions
Supporting TTL configuration for fine-tuned control
Use Cases
Scenario | Recommended Protection |
Login Form Protection | Use JS Challenge or Captcha to block bots from brute-forcing login forms |
| Global Traffic Management | Use No Challenge to allow high volumes of trusted traffic without friction |
Protection Modes
Defines how VergeCloud responds to incoming traffic. Each mode applies a different level of verification:
No Challenge: Bypasses Layer 7 checks; good for high-trust routes or static assets.
Cookie Challenge: Sends a cookie to verify the user’s browser can handle cookies; blocks basic bots.
JS Challenge: Runs JavaScript in the browser to detect bots that can't execute JS; ideal for advanced bot mitigation.
Captcha: Presents a challenge (image or puzzle) to confirm human interaction; best for login pages or sensitive actions.
TTL (Time-To-Live)
Controls how long a challenge (e.g., cookie or Captcha validation) remains valid:
A longer TTL reduces the frequency of repeated challenges for users.
A shorter TTL increases security by prompting users more often.
Example: A TTL of 30 minutes means a validated user won’t be re-challenged for 30 minutes.
Captcha Options
Allows you to choose the Captcha system used for human verification:
reCaptcha: Google's image-based challenge; widely compatible but less privacy-friendly.
hCaptcha: A privacy-focused alternative; recommended for compliance-sensitive environments or regions with Google restrictions.
Exclusions
Lets you specify paths or IP ranges that should bypass DDoS protection:
Use for endpoints like health checks or trusted internal services.
Supports Glob patterns for URLs and CIDR notation for IPs.
Summary
VergeCloud’s DDoS protection suite offers customizable, multi-layer defense with flexible settings. Choose the appropriate protection mode, configure TTL, and use Captcha options that fit your audience and security posture.
Related Articles
Understanding VergeCloud’s DDoS Challenge Modes
Understanding VergeCloud’s DDoS Challenge Modes VergeCloud’s DDoS protection uses multiple layers of mitigation to protect against both network-level (Layer 3 & 4) and application-level (Layer 7) attacks. Each challenge mode handles threats ...Rate Limiting
Rate Limiting on VergeCloud Introduction Rate limiting is a mechanism to manage the flow of incoming traffic to a network. VergeCloud’s Rate Limiting feature enables users to control the number of requests a user can make per specified time period ...Custom Error Pages
Custom Pages The custom pages feature within the VergeCloud CDN Service enables you to replace or customize various pages of your website, including Error Pages and Under Construction Pages. While these pages initially appear in VergeCloud's standard ...DNS Cloud Option
DNS Records Cloud Option After migrating your website to VergeCloud and completing your DNS configurations, you can view and manage the A Records of your domain and its subdomains under the DNS Records section in the CDN settings of your user ...Getting Started
The first step in utilizing our CDN service involves registering your domain within your VergeCloud account. Read more about CDN. This guide will walk you through the necessary steps. NOTICE DNSSEC: Ensure that DNSSEC is disabled on your domain ...