Challenger

When a DDoS attack is not automatically mitigated by Deflect rules and begins to have a negative impact on your server, you can enable the Challenger filter. It helps Deflect distinguish real website readers (who are using a web browser) from automated bots. Challenger does this by serving everyone who requests access to the website a mathematical challenge in JavaScript. The browser solves the challenge and sends back its reply. The bot cannot do this. When a challenge has been solved, Deflect returns a cookie to the reader’s browser. No further challenges are required from this reader for the next 24 hours.

Information for website readers

In order to successfully receive and process a challenge, your browser needs to have JavaScript enabled. If you are using a JavaScript blocker such as “NoScript”, you will see an error message telling you that JavaScript is blocked and should be enabled:

NoScript blocking JavaScript on the Black Lives Matter website

Information for Deflect clients

Challenger is a strong defensive measure. It will block not only all malicious traffic, but also legitimate traffic. This may result in website crawlers not being able to access your website. Use Challenger as a last resort. We have whitelisted the following crawlers and IPv4 address ranges to make sure websites behind the challenger can still be indexed:

# Google crawler

# PayPal IPN servers

# Facebook

Website or crawler banned?

If the challenger filter blocks your website or crawler, we can whitelist your IP address. Please submit a ticket to the Deflect team and provide the following information:

  • Name of your organization and a brief description of work
  • Link or IP address / ranges

If your request is legitimate, we will add your website or crawler to the whitelist.

Banjax Challenger Code

Here’s a link to the code served by Challenger. It should only take a second or two for your computer or smartphone to solve the challenge.
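
The challenge-and-cookie flow described at the top of this page, as an added Node.js example; it is not the code Challenger serves. It assumes a SHA-256 leading-zero-bits puzzle, an HMAC-signed cookie bound to the client IP, and hypothetical function names, since this page does not specify Challenger's actual puzzle or cookie format.

```javascript
// Added illustration, not Challenger's code; puzzle, cookie format and names are assumed.
const crypto = require("crypto");

const SERVER_KEY = "constructed-demo-key";   // assumption: secret held only by the edge
const DIFFICULTY_BITS = 12;                  // assumption: leading zero bits required
const CHALLENGE_TTL_MS = 60 * 1000;          // assumption: time allowed to answer
const COOKIE_TTL_MS = 24 * 60 * 60 * 1000;   // the 24 hours stated on this page

const hmac = (msg) => crypto.createHmac("sha256", SERVER_KEY).update(msg).digest("hex");
const sha256 = (msg) => crypto.createHash("sha256").update(msg).digest();

function safeEqual(a, b) {                   // constant-time string comparison
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

function leadingZeroBits(buf) {
  let i = 0;
  while (i < buf.length && buf[i] === 0) i++;
  return i * 8 + (i < buf.length ? Math.clz32(buf[i]) - 24 : 0);
}

// Edge: derive the challenge from IP and issue time, so no per-client state is kept.
function issueChallenge(ip, now) {
  return { issuedAt: now, nonce: hmac(`challenge|${ip}|${now}`), bits: DIFFICULTY_BITS };
}

// Browser: brute-force a counter. A client that cannot run JavaScript never gets here.
function solveChallenge(ch) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(sha256(`${ch.nonce}|${counter}`)) >= ch.bits) return counter;
  }
}

// Edge: check the answer (cheap), then return a cookie bound to this IP and an expiry.
function verifyAndIssueCookie(ip, ch, counter, now) {
  if (!safeEqual(ch.nonce, hmac(`challenge|${ip}|${ch.issuedAt}`))) return null;
  if (now - ch.issuedAt > CHALLENGE_TTL_MS) return null;
  if (leadingZeroBits(sha256(`${ch.nonce}|${counter}`)) < DIFFICULTY_BITS) return null;
  const expires = now + COOKIE_TTL_MS;
  return `${expires}.${hmac(`cookie|${ip}|${expires}`)}`;
}

// Edge, on later requests: accept only an unexpired cookie whose MAC matches this IP.
function cookieIsValid(ip, cookie, now) {
  const [expires, mac] = String(cookie).split(".");
  return safeEqual(mac, hmac(`cookie|${ip}|${expires}`)) && Number(expires) > now;
}
```

Solving costs the client a few thousand hashes on average at this difficulty, while the edge spends one HMAC and one hash to verify, which is what makes the check affordable under load.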

For more information about BotnetDBP, Banjax, early-stage filtering, and the challenging and banning of bots, you can navigate to this page.