Understanding VergeCloud’s DDoS Challenge Modes
VergeCloud’s DDoS protection uses multiple layers of mitigation to protect against both network-level (Layer 3 & 4) and application-level (Layer 7) attacks. Each challenge mode handles threats differently. This guide explains each type to observe their behavior.
What It Is:
This mode protects your applications against network-layer attacks such as:
TCP SYN floods
UDP floods
ICMP/volumetric attacks
IP spoofing
Protection is applied at the edge without introducing any delays or browser-level checks.
How VergeCloud Does It Using Anycast:
When you enable No Challenge Mode, your domain is pointed to a VergeCloud Anycast IP address. This IP is globally advertised by multiple edge locations in our network.
Anycast ensures that all traffic — including attack traffic — is routed to the nearest VergeCloud edge.
Here’s what happens next:
The VergeCloud edge node receives and inspects traffic before forwarding it to your origin server.
If the system detects Layer 3 or Layer 4 anomalies (e.g., floods, spoofed IPs, malformed packets), it:
Drops the packets immediately at the edge.
Optionally rate-limits the traffic source.
Logs the event for your visibility.
Clean traffic is passed through without requiring cookies, JavaScript, or CAPTCHA challenges — making this mode fully transparent to human users and API clients.
This Anycast-based architecture distributes traffic globally, preventing attackers from overwhelming a single point in your infrastructure.
Cookie Challenge
What it is:
Blocks bots by setting and validating a cookie on the client.
Legitimate browsers pass; headless tools or bots without cookie support are blocked.
Screenshot
JavaScript Challenge
What it is:
Sends a JS-based challenge that the browser must solve (often a dynamic math or timing check).
Defeats bots that don’t execute JavaScript.
Screenshot
Captcha Challenge
What it is:
Forces users to solve a CAPTCHA (e.g., Google reCAPTCHA or VergeCloud native) to proceed.
Blocks even advanced bots and requires human interaction.
Screenshot
Conclusion
By understanding how each mode works, you can ensure that VergeCloud is not only active but also effectively protecting your infrastructure in real time.
Choose the right challenge level for your use case, and combine it with monitoring and analytics to stay one step ahead of DDoS threats.
Related Articles
DDoS Mitigation
VergeCloud’s DDoS protection ensures that your website remains secure from malicious traffic while maintaining a seamless experience for legitimate users. With advanced filtering at multiple layers, customizable options, and user-friendly challenge ...How to Whitelist VergeCloud’s IP Addresses in Your Firewall
Why You Need Whitelist VergeCloud’s IP Addresses in Your Firewall To ensure smooth and uninterrupted communication between VergeCloud’s edge servers and your main host server, it's crucial to whitelist VergeCloud’s IP addresses in your firewall ...Known Crawler Whitelisting in VergeCloud
Managing Known Crawlers in VergeCloud Bots—also called crawlers or spiders—are automated programs used by search engines and online services to scan and index websites. They play a key role in helping your content appear in search results, power AI ...Using Layer 4 Network on VergeCloud: A Guide to Enhancing Website Performance and Security
Using Layer 4 Network on VergeCloud Introduction The VergeCloud Layer 4 Proxy enhances security and performance for applications using TCP or UDP protocols. It is ideal for non-HTTP traffic such as email, FTP, SSH, VoIP, or gaming. By proxying ...Steps to Activate Cloud Icon for VergeCloud
Checks Before Activating Cloud Icon For Domain Once you've transferred your website to VergeCloud and updated your DNS settings, there are a few steps to complete before activating the Cloud icon for the records in the VergeCloud user panel. These ...