Proof of Work (PoW) option for WWW

We are pleased to introduce a new option that helps protect websites against automated access.

When enabled, the user’s device must perform a small computational task. This operation usually takes a fraction of a second for a regular user but significantly hinders large-scale automated activities. Verification is performed once per day and requires cookies to be enabled in the client’s browser.

The PoW option supports three configuration states:

• off - disabled (the protection will not be active for the given domain)
• on (default) - enabled only during an attack (PoW will be automatically activated when an attack is detected)
• always - always enabled (verification occurs on the first visit to the website)

Command syntax for devil:
devil www options <DOMAIN> pow <on|always|off>

The setting can also be managed from the DevilWEB panel:
WWW websites → Manage → Details for the selected domain → set the Proof of Work option → Save changes.

It is also possible to customize the appearance of the verification page by creating the following files:

• ~/domains/<DOMAIN>/errors/pow-pensive.webp - displayed while the user is being verified
• ~/domains/<DOMAIN>/errors/pow-happy.webp - displayed after successful verification
• ~/domains/<DOMAIN>/errors/pow-reject.webp - displayed when access is denied
• ~/domains/<DOMAIN>/errors/pow.css - CSS file used to control the appearance of the page

More information about how the PoW option works can be found in the documentation: https://docs.hostuno.com/PoW/