When a DDoS attack is not automatically mitigated by Deflect rules and begins to have a negative impact on your server, you can enable the Challenger.

It helps Deflect distinguish real website readers (who are using a web browser) from automated bots. Challenger does this by serving everyone who requests access to the website a mathematical challenge in JavaScript – a SHA-inverse calculation, to be precise.
The browser solves the challenge automatically and sends back its reply. Most bots cannot do this. When a challenge has been solved, Deflect returns a cookie to the reader’s browser. No further challenges are required from this reader for the next 24 hours.
For the Challenger to work, JavaScript needs to be enabled on the user’s side.
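
The flow described above as an added example, not Deflect's own code. The page says only that the challenge is a SHA-inverse calculation and that the cookie lasts 24 hours, so the SHA-256 leading-zero-bits puzzle, the difficulty value, and the HMAC-signed cookie format here are assumptions.

```javascript
// Added illustration of a SHA-based proof-of-work gate; not Deflect's code.
const crypto = require('node:crypto');
const DIFFICULTY_BITS = 12;                 // assumed work factor
const COOKIE_TTL_MS = 24 * 60 * 60 * 1000;  // 24 hours, as stated on the page
const SERVER_KEY = crypto.randomBytes(32);  // assumed server-side signing secret
const outstanding = new Set();              // challenges issued, not yet redeemed

// Count the zero bits at the front of a hash.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

const digest = (c, n) => crypto.createHash('sha256').update(`${c}:${n}`).digest();
const sign = (data) => crypto.createHmac('sha256', SERVER_KEY).update(data).digest('hex');

// Server: hand every new visitor a fresh random challenge.
function issueChallenge() {
  const challenge = crypto.randomBytes(16).toString('hex');
  outstanding.add(challenge);
  return challenge;
}

// Browser (Node's crypto stands in here): brute-force a nonce whose hash
// starts with enough zero bits. Expected cost is about 2^bits hashes.
function solveChallenge(challenge, bits = DIFFICULTY_BITS) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(digest(challenge, nonce)) >= bits) return nonce;
  }
}

// Server: one hash checks the answer; a challenge can be redeemed only once.
function verifyAndIssueCookie(challenge, nonce, now = Date.now()) {
  if (!outstanding.delete(challenge)) return null;
  if (leadingZeroBits(digest(challenge, nonce)) < DIFFICULTY_BITS) return null;
  const expires = now + COOKIE_TTL_MS;
  return `${expires}.${sign(String(expires))}`;
}

// Server: skip the challenge while the signed cookie is intact and unexpired.
function cookieIsValid(cookie, now = Date.now()) {
  const [expires = '', mac = ''] = String(cookie).split('.');
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(expires));
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected) && Number(expires) > now;
}
```

The asymmetry is the point: the client spends thousands of hashes per challenge while the server spends one to verify it, and the signed expiry lets the server honour the cookie without storing per-reader state.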