The Marketplace platform now includes two advanced security features, available in the administrative area, designed to mitigate automated attacks (bots) and protect URLs vulnerable to unauthorized access.
Accessing the Configuration #
- Go to the side menu of the panel.
- Click System.
- Then select Settings.
- Locate the Advanced section.
- Access the Admin option.
- Inside this area, click the Security tab.
1. “Under Attack” Mode #
When enabled, this option displays a JavaScript Challenge (JS Challenge) for all site access — both on the front-end, the administrator panel, and the seller panel.
The challenge verifies if the user is a bot. If successfully passed, a session cookie valid for 1 hour is set, allowing normal platform usage during that period.
When to use:
This feature is recommended only in emergency situations, such as when a site is under a DDoS attack and it is not possible to activate the equivalent mode in Cloudflare. It can be considered a temporary solution until control is restored through the external service.
2. Direct Access Validation with Filters #
This feature activates additional protection for URLs containing direct filters, such as category pages with pagination or applied parameters (e.g., /category/page/2).
Objective:
Prevent bots or suspicious requests from directly accessing these URLs — which are not indexed in search engines or used in legitimate promotional campaigns.
When enabled, the feature blocks direct requests with filters via a JS Challenge or, in suspicious cases, returns a 403 Forbidden error, preventing the page from loading.
Expected Behavior of Protections #
| Scenario | Protection Enabled? | Result |
|---|---|---|
| Direct access to URL with filter | Yes | JS Challenge or 403 error |
| Normal site navigation (e.g., via menu) | Yes | Access granted |
| Access to home, admin, or seller login | Yes | JS Challenge with valid cookie |
| Bot attempting to access filtered page | Yes | Automatic block (Forbidden) |
Recommendations #
- Direct Filter Validation: We suggest keeping this enabled for all stores as a standard security practice.
- “Under Attack” Mode: Use only when it is not possible to enable protection in Cloudflare or the account is temporarily inaccessible.
If you have any questions or need assistance using these features, please contact our Support Team. We’re always available to help!