You can use this document to learn about the different WAF-related security screens that your visitors may see when they attempt to access your site. These screens will display based on the triggered rule.
Review security screens
Review the possible security screens that your visitors may see:
The Block screen displays when your visitor has received a hard block. The screen displays a 403 response code, which will deny access to the visitor.
The Captcha screen displays to ensure and test that a human visitor wants to access your site, and not an automated request.
Your visitor will need to enter the displayed characters.
Your visitor will not need to perform any action. The screen will display for less than a second.
This screen may also display when blocking automated traffic during application-layer DDoS attacks.
|Cross-site request forgery (CSRF)||
This CSRF screen displays when a CSRF attack is suspected.
CSRF is an attack vector that tricks a web browser into executing an unwanted action in an application that a visitor is logged into.
The DDoS screen displays when another service has white-labeled the StackPath WAF service.
To learn about the security challenges that may cause your visitors to see a security screen, see StackPath WAF: Why are my Users Blocked?.