When normal mode fails to mitigate a large-volume and sophisticated HTTP flood, you can enable the emergency mode of HTTP flood protection.
By default, HTTP flood protection is set to the normal mode in protection against common HTTP floods. WAF then mitigates HTTP floods normally. In case the origin CPU rises, or loses response from the database or application, you must activate the emergency mode.
The Emergency mode may cause false positives to legitimate traffic. We recommend that you choose the Business or Enterprise Plan for the customized HTTP flood protection policies.