Handling JavaScript challenges for Web Application Firewall



JavaScript Calculation Challenge (JSC) is an effective mechanism against web application layer attacks. Once enabled, it requires the browser on the client's machine to perform a calculation and return the result to the web server via a cookie. If the calculation is accurate, the web server returns the requested content. The cookie is preserved to ensure that future communications from that client are not affected by JSC.

To enable JSC, click the JS Challenge button under DDoS Protection in the sidebar.

JSC Settings

Settings field: Description

JS Challenge Action:
Off - No action, i.e., JavaScript Challenge disabled.
Alert only - All requests are challenged, but the system saves alerts only for failed challenges. You can see all alerts on the JS Challenge logs page.
Block - All requests are challenged and failed requests are blocked. This depends on the "Maximum amount of failed requests" value.

Maximum amount of failed requests: The number of requests the system ignores before blocking the request. Recommended value: 10

JS Challenge action expiration time: Sets the expiration time for the Block action, i.e., after how many seconds the system challenges client requests again and reinforces the Block action. Used only when the JS Challenge Action is set to Block.

Set header for failed challenge: Available only when the JS Challenge Action is set to Alert Only. Lets you set a custom HTTP header on failed requests, so that the application can add its own logic for possible bots, etc.

Header for failed requests: Available only when the 'Set header for failed requests' option is enabled. Lets you set the header name for failed requests.
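
One way the application can act on the failed-challenge header in Alert Only mode, as an added example that is not part of the product or its documentation. The header name X-JSC-Failed, the WAF address, the sensitive paths and the jsc.suspect flag are all assumptions, and only the header's presence is checked because the page does not describe its value.

```python
# Added example: WSGI middleware that applies custom logic to requests the
# WAF marked as having failed the JS challenge (Alert Only mode).
FAILED_HEADER = "X-JSC-Failed"           # assumed; use the name set in "Header for failed requests"
HEADER_KEY = "HTTP_" + FAILED_HEADER.upper().replace("-", "_")
WAF_PEERS = frozenset({"192.0.2.10"})    # constructed: address the WAF connects from
SENSITIVE_PREFIXES = ("/login", "/checkout")  # constructed: paths that get stricter handling
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def classify(environ):
    """Return 'allow', 'suspect' or 'deny' for one WSGI request."""
    # A request that did not come through the WAF was never challenged,
    # so the absence of the header proves nothing: refuse it.
    if environ.get("REMOTE_ADDR") not in WAF_PEERS:
        return "deny"
    if HEADER_KEY not in environ:
        return "allow"
    method = environ.get("REQUEST_METHOD", "GET")
    path = environ.get("PATH_INFO", "/")
    # Failed challenge plus a state-changing call on a sensitive path: block.
    if method not in SAFE_METHODS and path.startswith(SENSITIVE_PREFIXES):
        return "deny"
    return "suspect"


class JscHeaderPolicy:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        verdict = classify(environ)
        if verdict == "deny":
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        environ["jsc.suspect"] = verdict == "suspect"  # hypothetical flag read by the app
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Stand-in application: suspect clients get a step-up response.
    body = b"captcha required\n" if environ["jsc.suspect"] else b"ok\n"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def run(app, method, path, peer, failed=False):
    """Drive the middleware with a constructed request; return (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": peer}
    if failed:
        environ[HEADER_KEY] = "1"
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```
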

Review JSC logs

You can view detailed logs for all JSC activities on the JS Challenge Logs page.

You can view Date, Action, IP, Country, Requests and Status information for every alert received.

Every alert can be expanded to show additional logging details. Filtering options are available on the left-hand side to filter by IP, Date, Status, etc.