DDoS Mitigation
VergeCloud’s DDoS protection ensures that your website remains secure from malicious traffic while maintaining a seamless experience for legitimate users. With advanced filtering at multiple layers, customizable options, and user-friendly challenge mechanisms, this protection is built to safeguard your infrastructure with minimal disruption.
Overview
VergeCloud’s system defends against Distributed Denial of Service (DDoS) attacks by:
Filtering malicious traffic using Layer 3, 4, and 7 mechanisms
Offering configurable challenge modes (e.g., Captcha, JS Challenge)
Allowing route- or IP-based exclusions
Supporting TTL configuration for fine-tuned control
Use Cases
Scenario | Recommended Protection |
Login Form Protection | Use JS Challenge or Captcha to block bots from brute-forcing login forms |
| Global Traffic Management | Use No Challenge to allow high volumes of trusted traffic without friction |
Protection Modes
Defines how VergeCloud responds to incoming traffic. Each mode applies a different level of verification:
No Challenge: Bypasses Layer 7 checks; good for high-trust routes or static assets.
Cookie Challenge: Sends a cookie to verify the user’s browser can handle cookies; blocks basic bots.
JS Challenge: Runs JavaScript in the browser to detect bots that can't execute JS; ideal for advanced bot mitigation.
Captcha: Presents a challenge (image or puzzle) to confirm human interaction; best for login pages or sensitive actions.
TTL (Time-To-Live)
Controls how long a challenge (e.g., cookie or Captcha validation) remains valid:
A longer TTL reduces the frequency of repeated challenges for users.
A shorter TTL increases security by prompting users more often.
Example: A TTL of 30 minutes means a validated user won’t be re-challenged for 30 minutes.
Captcha Options
Allows you to choose the Captcha system used for human verification:
reCaptcha: Google's image-based challenge; widely compatible but less privacy-friendly.
hCaptcha: A privacy-focused alternative; recommended for compliance-sensitive environments or regions with Google restrictions.
Exclusions
Lets you specify paths or IP ranges that should bypass DDoS protection:
Use for endpoints like health checks or trusted internal services.
Supports Glob patterns for URLs and CIDR notation for IPs.
Summary
VergeCloud’s DDoS protection suite offers customizable, multi-layer defense with flexible settings. Choose the appropriate protection mode, configure TTL, and use Captcha options that fit your audience and security posture.
Related Articles
Understanding VergeCloud’s DDoS Challenge Modes
VergeCloud’s DDoS protection uses multiple layers of mitigation to protect against both network-level (Layer 3 & 4) and application-level (Layer 7) attacks. Each challenge mode handles threats differently. This guide explains each type to observe ...Rate Limiting
Rate Limiting on VergeCloud Introduction Rate limiting is a mechanism to manage the flow of incoming traffic to a network. VergeCloud’s Rate Limiting feature enables users to control the number of requests a user can make per specified time period ...Domain-Based and Organization-Based Roles
Domain-Based Roles Domain-based roles apply to specific domains or services, such as CDN. They control access to domain-level features but not global settings. Click on each role below to view its access permissions. Admin Access Area Permission ...Invite User
Member List The Member List section displays all users in your VergeCloud organization and helps you manage access through roles and scopes. From this page, you can view active members, send new invitations, assign roles, and monitor pending invites. ...API Keys
API Keys The API Keys section provides a central location for creating and managing API keys that enable programmatic access to VergeCloud services. You can generate new keys using a guided wizard, assign scopes and roles, and view or revoke existing ...