digitalpoint
Well-known member
Well, security level is more for mitigating things like bots looking for exploits. All but the tiniest/undetectable DDoS attack is going to be blocked regardless of your security level.
That being said, you can also fine tune your security level (if you haven't already done so) with Configuration Rules. For example maybe you want to override Security Level to be Essentially Off if the visitor is logged into an account or they are in US or Canada (just showing examples of what you could do... only you are going to know what mitigates your DDoS attacks).
I'd guess someone trying to DDoS attack you isn't doing so from a registered/logged in user account on each request.
You can also do the logic in reverse... like maybe default security level to Essentially Off, but then crank it up in certain cases... for example if a the request is coming across Tor.
Anyway, lots of different things you can do with Configuration Rules if you aren't already.
That being said, you can also fine tune your security level (if you haven't already done so) with Configuration Rules. For example maybe you want to override Security Level to be Essentially Off if the visitor is logged into an account or they are in US or Canada (just showing examples of what you could do... only you are going to know what mitigates your DDoS attacks).
I'd guess someone trying to DDoS attack you isn't doing so from a registered/logged in user account on each request.
You can also do the logic in reverse... like maybe default security level to Essentially Off, but then crank it up in certain cases... for example if a the request is coming across Tor.
Anyway, lots of different things you can do with Configuration Rules if you aren't already.