Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:recaptcha [2019/06/12 16:20] Jackson Zhang [Override reCAPTCHA for Control Panel Virtual Hosts Through "LsRecaptcha" directive] |
litespeed_wiki:config:recaptcha [2019/06/14 20:29] Lisa Clarke [Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| As of LiteSpeed WebServer 5.4RC1, reCAPTCHA is available as a method of defense against DDoS attack. | As of LiteSpeed WebServer 5.4RC1, reCAPTCHA is available as a method of defense against DDoS attack. | ||
| - | ===== How To Enable at the Server Level Globally ===== | + | ===== Enable Globally at the Server Level ===== |
| Access the WebAdmin console via ''<nowiki>https://YOUR_SERVER_IP:7080 </nowiki>'' | Access the WebAdmin console via ''<nowiki>https://YOUR_SERVER_IP:7080 </nowiki>'' | ||
| Line 12: | Line 12: | ||
| - | Set **Enable reCAPTCHA** to ''Yes''. This is the master switch and it is required for both control panel environment and LSWS native environment. Once it is set to ''Yes'' and it will enable reCAPTCHA feature for all control panel apache virtual hosts as well as LSWS native virtual hosts globally unless an overriding at the virltual host level. | + | Set **Enable reCAPTCHA** to ''Yes''. This is the master switch and it is required for both a control panel environment and an LSWS native environment. It will enable the reCAPTCHA feature for all control panel Apache virtual hosts as well as LSWS native virtual hosts globally. It may be overridden at the virtual host level. |
| For other options, hover over the ''?'' symbol to view detailed information about that option. | For other options, hover over the ''?'' symbol to view detailed information about that option. | ||
| - | For demonstration purposes, we will set **Trigger Sensitivity** to maximum (''100''), and **reCAPTCHA Type** to ''Checkbox''. You may adjust these values according to your needs. Save and restart LSWS. Once ''Enable rePAPTCHA'' is set to ''Yes'', this sensitivity setting will be inherited to all control panel apache virtual hosts and LSWS native virtual hosts unless further overriding on the virtual host level. | + | For demonstration purposes, we will set **Trigger Sensitivity** to maximum (''100''), and **reCAPTCHA Type** to ''Checkbox''. You may adjust these values according to your needs. Save and restart LSWS. This sensitivity setting will be inherited by all control panel Apache virtual hosts and LSWS native virtual hosts unless overridden at the virtual host level. |
| {{:litespeed_wiki:config:recaptcha2.jpg|}} | {{:litespeed_wiki:config:recaptcha2.jpg|}} | ||
| Line 27: | Line 27: | ||
| You can also enable reCAPTCHA on an individual virtual host that is under attack, while leaving other websites disabled. | You can also enable reCAPTCHA on an individual virtual host that is under attack, while leaving other websites disabled. | ||
| - | ===== How To Override/Disable reCAPTCHA setting at the Virtual Host Level ===== | + | ===== Override/Disable at the Virtual Host Level ===== |
| - | Assuming you have enabled reCAPTCHA on LSWS server level globally, for control panel environment, you can use "LsRecaptcha" directive in Apache virtual host include file to override inherited global settings; for LSWS native virtual host, you can use virtual host LSWS admin settings to override global settings. | + | Assuming you have enabled reCAPTCHA at the server level globally, you can override the settings at a virtual host level, but how you do so depends on which environment you are using. |
| - | + | ==== Override/Disable for Apache Virtual Hosts ==== | |
| - | ==== Override/Disable reCAPTCHA for Control Panel Virtual Hosts Through "LsRecaptcha" directive ==== | + | As of LSWS v5.4RC4, you can configure vhost-level reCAPTCHA via the ''LsRecaptcha'' directive in the virtual host include configuration. |
| - | With latest build of 5.4RC4, you can configure vhost level recaptcha via virtual host include configurations through "LsREcaptcha" directive and it can not be used in .htaccess: | + | |
| <IfModule LiteSpeed> | <IfModule LiteSpeed> | ||
| Line 40: | Line 39: | ||
| </IfModule> | </IfModule> | ||
| | | ||
| - | ''0-100'' defines/overrides ''Trigger Sensitivity'' for that virtual host. | + | The ''0-100'' value defines or overrides **Trigger Sensitivity** for the virtual host. When LsRecaptcha is set to ''0'', it means the reCAPTCHA feature has been disabled for that virtual host. |
| - | When LsRecaptcha is set to ''0'', it means the Recaptcha feature has been disabled for that virtual host. | + | |
| - | ==== Override reCAPTCHA for LiteSpeed Native Virtual Hosts ==== | + | **NOTE**: The ''LsRecaptcha'' directive cannot be used in .htaccess files. |
| - | You can also use LSWS WebAdmin console to override reCAPTCHA in LSWS native mode. | + | ==== Override for LiteSpeed Native Virtual Hosts ==== |
| + | |||
| + | Use the LSWS WebAdmin console to override reCAPTCHA in LSWS native mode. | ||
| Navigate to **Configuration -> Virtual Hosts -> Security -> reCAPTCHA Protection** | Navigate to **Configuration -> Virtual Hosts -> Security -> reCAPTCHA Protection** | ||
| Line 52: | Line 52: | ||
| - | ===== Advanced Configuration: define reCAPTCHA actions through Rewrite Rules ===== | + | ===== Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules ===== |
| - | If you want to further define ReCAPTCHA action as ''deny'' or ''drop'', you can use one of the following rewrite rule directives in control panel virtual host document root .htaccess: | + | If you want to further define the reCAPTCHA action as ''deny'' or ''drop'', you can use one of the following rewrite rule directives in control panel virtual host document root .htaccess: |
| ''[E=verifycaptcha]'' or ''[E=verifycaptcha: ACTION]'' | ''[E=verifycaptcha]'' or ''[E=verifycaptcha: ACTION]'' | ||
| Line 68: | Line 68: | ||
| (''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.) | (''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.) | ||
| - | ===== Customizing the Good Bots List ===== | + | **NOTE**: In most cases, rewrite rules will override the default server behavior. However, in cases where trigger sensitivity is high, visitors may be sent directly to reCAPTCHA before the rewrite rules can even be processed. |
| + | |||
| + | ===== Customize the Good Bots List ===== | ||
| Google bots are considered good bots because they help index your site. However, they cannot do their job properly without receiving the correct page. The Bot Whitelist configuration may be used to specify bots that you may need for your site. | Google bots are considered good bots because they help index your site. However, they cannot do their job properly without receiving the correct page. The Bot Whitelist configuration may be used to specify bots that you may need for your site. | ||
| Line 82: | Line 84: | ||
| The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to reCAPTCHA as well. This may be useful to prevent bad actors from bypassing reCAPTCHA using a custom user agent. | The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to reCAPTCHA as well. This may be useful to prevent bad actors from bypassing reCAPTCHA using a custom user agent. | ||
| - | ===== Customizing the reCAPTCHA Page ===== | + | ===== Customize the reCAPTCHA Page ===== |
| The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | ||
| - | There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. | + | There are two script tags that are required and it is strongly recommended to avoid changing the form and the ''recaptchadiv'' unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. |
| Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use the LSWS configured type and keys. | Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use the LSWS configured type and keys. | ||
| Line 95: | Line 97: | ||
| For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain. | For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain. | ||
| - | ===== Trigger Sensitivity ===== | + | ===== Set Trigger Sensitivity ===== |
| - | Trigger Sensitivity refers to the automatic reCAPTCHA sensitivity. The higher the value, the more likely reCAPTCHA Protection will be used. A value of 0 is equivalent to "Off" while a value of 100 is equivalent to "Always On". Default values: Server level: 0. Virtual Host level: Inherit Server level setting. Syntax: Integer value between 0 and 100. | + | Trigger Sensitivity refers to the automatic reCAPTCHA sensitivity. The higher the value, the more likely reCAPTCHA Protection will be used. A value of ''0'' is equivalent to "Off" while a value of ''100'' is equivalent to "Always On". |
| - | LiteSpeed calculates Trigger Sensitivity as the percentage of your server capacity used, based on the number of active connections. reCAPTCHA is activated when "in use connection" * 100 / max connections" > (100 - sensitivity). | + | Default values: |
| + | * Server level: ''0''. | ||
| + | * Virtual Host level: inherits server-level setting. | ||
| + | |||
| + | Syntax: Integer value between ''0'' and ''100''. | ||
| + | |||
| + | LiteSpeed calculates **Trigger Sensitivity** as the percentage of your server capacity used, based on the number of active connections. reCAPTCHA is activated when this formula is true: | ||
| + | |||
| + | Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) | ||
| ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ||
| - | If reCAPTCHA fails a few times, it will return a 403 error and then drop the connection from that IP. It is the way it works in order to block attacks. If the ''invisible'' reCAPTCHA keeps auto-refreshing and then fails, just change the type to ''one-click''. | + | If reCAPTCHA fails a few times, it will return a 403 error and then drop the connection from that IP. It works this way in order to block attacks. If the ''invisible'' reCAPTCHA keeps auto-refreshing and then fails, just change the type to ''one-click''. |
| + | |||