JS-Challenge protection¶

The JS Challenge feature provides an additional layer of security by verifying that requests to your project originate from legitimate browsers. This is achieved by providing a page with a JavaScript call to validate the client before granting access to the requested resource.

To set up JS Challenge protection, go to the server settings, then go to the tab "Sites", select the action for the site to which you want to apply the settings, then click "Anti-DDOS protection settings".

The following are the parameters available for configuring the behavior of the JS Challenge.

Parameters¶

Enabled

Enables or disables the JS Challenge for the site. With the value "Disabled" verification is not performed, and requests are processed without validation.

Title

The title that will be added to the page title. Default generated page is ”Checking Your Browser”.

Secret

The secret key used to generate the verification. Ensures the uniqueness and security of the call. If not specified, the system automatically generates a secret.

HTML

Specifies the path to the custom HTML file to be inserted into the of the generated call page. This allows you to customize the appearance and content of the verification page. By default: /usr/share/nginx/html/js_challenge.html

Bucket duration

Defines the time interval (in seconds) during which the JS Challenge is requested for the client. After successful completion of the call, the client is exempt from further checks until this time expires.