CAPTCHA protection is optional. It is disabled by default and will only apply to the specific URLs that you include in a rule.
Users who request a CAPTCHA-protected URL will be required to manually click a button to proceed from the CAPTCHA-protected page to their destination URL.
If your site is under DDOS attack, temporarily setting a CAPTCHA protection rule for the entire site (enter
/ as the URL) is an option to help filter out disruptive traffic, although you should try using HTTP Flood Protection first.
More often, CAPTCHA protection is used to help prevent automated scraping of pages with proprietary data, allowing ordinary users to browse with no issues.