Differences

This shows you the differences between two versions of the page.

litespeed_wiki:config:recaptcha [2019/04/01 16:09]
Jackson Zhang [How To Enable at the Vhost Level]
litespeed_wiki:config:recaptcha [2019/04/09 15:56]
Lisa Clarke [reCAPTCHA returning 403 and drop connection to the IP] Proofreading
Line 12: Line 12:
  
  
-Set **Enable reCAPTCHA** to ''​Yes''​. This is the master switch.+Set **Enable reCAPTCHA** to ''​Yes''​. This is the master switch ​and it is required for both control panel environment and LSWS native environment
  
 For other options, hover over the ''?''​ symbol to view detailed information about that option. For other options, hover over the ''?''​ symbol to view detailed information about that option.
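
Review bot: The sentence added to the Enable reCAPTCHA line has no terminating period and is missing its articles ("for both control panel environment and LSWS native environment"). Suggest: "This is the master switch, and it is required in both control panel and LSWS native environments."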
Line 28: Line 28:
 You can also enable reCAPTCHA on an individual virtual host that is under attack, while leaving other websites disabled. You can also enable reCAPTCHA on an individual virtual host that is under attack, while leaving other websites disabled.
  
-===== How To Enable at the Vhost Level =====+===== How To Enable at the Virtual Host Level =====
  
-Server-level reCAPTCHA must be enabled.+Server-level reCAPTCHA must be enabled ​even control panel used
  
-Please note that virtual-host-level sensitivity will override the sensitivity set at the server level.+LSWS native ​virtual-host-level sensitivity will override the sensitivity set at the server level.
  
 You can enable virtual-host-level reCAPTCHA through rewrite rules for control panel virtual hosts or through the WebAdmin console for LSWS native virtual hosts. You can enable virtual-host-level reCAPTCHA through rewrite rules for control panel virtual hosts or through the WebAdmin console for LSWS native virtual hosts.
  
-==== Rewrite ​Rule ====+==== Enable reCAPTCHA for Control Panel Virtual Hosts Through ​Rewrite ​Rules ====
  
-Use one of the following rewrite rule directives:+Use one of the following rewrite rule directives ​in control panel virtual host document root .htaccess:
  
 ''​[E=verifycaptcha]''​ or ''​[E=verifycaptcha:​ ACTION]''​ ''​[E=verifycaptcha]''​ or ''​[E=verifycaptcha:​ ACTION]''​
  
-''​[E=verifycaptcha]''​ will always redirect to reCAPTCHA until verified. ''​ACTION''​ can be ''​deny''​ to return a 403 or ''​drop''​ to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to recaptcha.+''​[E=verifycaptcha]''​ will always redirect to reCAPTCHA until verified. ''​ACTION''​ can be ''​deny''​ to return a 403 or ''​drop''​ to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to reCAPTCHA.
  
 For example: For example:
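
Review bot: The reworded sensitivity sentence ("LSWS native virtual-host-level sensitivity will override the sensitivity set at the server level.") now limits the override to LSWS native virtual hosts, but nothing in this section says which sensitivity applies to a control panel virtual host that is enabled through the rewrite rule; add a sentence covering that case so the reader does not have to infer it. Separately, "Server-level reCAPTCHA must be enabled even control panel used" is ungrammatical and unpunctuated; suggest "Server-level reCAPTCHA must be enabled, even when a control panel is used." The new lead-in "in control panel virtual host document root .htaccess:" would also read better as "in the .htaccess file in the document root of the control panel virtual host:".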
Line 52: Line 52:
 (''​SOME-CONDITIONAL-CHECK''​ would be a suspicious UA, IP address, etc.) (''​SOME-CONDITIONAL-CHECK''​ would be a suspicious UA, IP address, etc.)
  
-==== LiteSpeed Native ​Mode ==== +==== Enable reCAPTCHA for LiteSpeed Native ​Virtual Hosts ==== 
  
 You can also use LSWS WebAdmin console to enable reCAPTCHA in LSWS native mode. You can also use LSWS WebAdmin console to enable reCAPTCHA in LSWS native mode.
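
Review bot: The renamed heading says "LiteSpeed Native Virtual Hosts" while the sentence directly below it still says "LSWS native mode" and the earlier section says "LSWS native virtual hosts". Pick one term and use it in the heading and the body, for example "Enable reCAPTCHA for LSWS Native Virtual Hosts".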
Line 68: Line 68:
 Here, we have configured '​Edge'​ in the Bot Whitelist text area. Bot Whitelist is a '​contains'​ match, but regex may be used as well. Here, we have configured '​Edge'​ in the Bot Whitelist text area. Bot Whitelist is a '​contains'​ match, but regex may be used as well.
  
-After restarting, browsers containing Edge in the user-agent header will bypass ​recaptcha:+After restarting, browsers containing Edge in the user-agent header will bypass ​reCAPTCHA:
  
 {{ :​litespeed_wiki:​config:​recaptcha6.png?​800 |The browser on the left is Microsoft Edge, the browser on the right is Chrome.}} {{ :​litespeed_wiki:​config:​recaptcha6.png?​800 |The browser on the left is Microsoft Edge, the browser on the right is Chrome.}}
  
-The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to recaptcha ​as well. This may be useful to prevent bad actors from bypassing ​recaptcha ​using a custom user agent.+The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to reCAPTCHA ​as well. This may be useful to prevent bad actors from bypassing ​reCAPTCHA ​using a custom user agent.
  
-===== Customizing the Recaptcha ​Page =====+===== Customizing the reCAPTCHA ​Page =====
  
-The default ​recaptcha ​page is generic. If you would like to customize the page, you may do so by creating a file at ''​$SERVER_ROOT/​lsrecaptcha/​_recaptcha_custom.shtml''​.+The default ​reCAPTCHA ​page is generic. If you would like to customize the page, you may do so by creating a file at ''​$SERVER_ROOT/​lsrecaptcha/​_recaptcha_custom.shtml''​.
  
-There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the recaptcha ​type and keys and specify any query string used.+There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA ​type and keys and specify any query string used.
  
 Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''​.shtml''​ extension is required in order to use the LSWS configured type and keys. Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''​.shtml''​ extension is required in order to use the LSWS configured type and keys.
 +
 +===== Apply Your Own Site Key =====
 +You can apply your own reCAPTCHA key and adjust the configuration as you like. Client verification is completely determined by Google'​s reCAPTCHA service. The invisible type may display a difficult puzzle.
 +
 +For server wide protection that needs to cover a lot of domains, make sure ''​Verify the origin of reCAPTCHA''​ solutions is unchecked. Otherwise, you may need to apply a key for each domain.
 +
 +===== Trigger Sensitivity =====
 +Trigger Sensitivity refers to the automatic reCAPTCHA sensitivity. The higher the value, the more likely reCAPTCHA Protection will be used. A value of 0 is equivalent to "​Off"​ while a value of 100 is equivalent to "​Always On". Default values: Server level: 0. Virtual Host level: Inherit Server level setting. Syntax: Integer value between 0 and 100.
 +
 +LiteSpeed calculates Trigger Sensitivity as the percentage of your server capacity used, based on the number of active connections. reCAPTCHA is activated when "in use connection"​ * 100 / max connections"​ > (100 - sensitivity).
 +
 +===== reCAPTCHA Returning 403 and Dropping Connection =====
 +
 +If reCAPTCHA fails a few times, it will return a 403 error and then drop the connection from that IP. It is the way it works in order to block attacks. If the ''​invisible''​ reCAPTCHA keeps auto-refreshing and then fails, just change the type to ''​one-click''​.
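
Review bot: The activation condition in the new Trigger Sensitivity section has unbalanced quotes ("in use connection" * 100 / max connections" > (100 - sensitivity)), so it is unclear where the expression begins and ends; set the whole expression in monospace with consistent names for both operands. In Apply Your Own Site Key, the word "solutions" sits outside the quoted option name, and the paragraph tells the reader to uncheck origin verification for server-wide use without saying what check is given up by doing so; that trade-off deserves a sentence. In the last section, "fails a few times" is vague: if the limit meant is Max Tries, the setting the rewrite-rule section already names, say so. The two headings added without a blank line before their first paragraph should follow the spacing of the other headings on the page.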
  • Last modified: 2019/09/23 14:25
  • by Jackson Zhang