Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:recaptcha [2019/06/14 20:04] Lisa Clarke [Override/Disable for Control Panel Virtual Hosts] |
litespeed_wiki:config:recaptcha [2019/07/08 18:34] qtwrk |
||
|---|---|---|---|
| Line 22: | Line 22: | ||
| When a visitor accesses the website , they will need to go though reCAPTCHA validation to protect against a DDoS attack such as HTTP Flood. | When a visitor accesses the website , they will need to go though reCAPTCHA validation to protect against a DDoS attack such as HTTP Flood. | ||
| + | |||
| + | Once visitor successfully passed reCAPTCHA, there will be about 20 minutes of white-list time, which means if this user continues browser the site, it won't hit reCATPCHA again for better user experience, unless visitor has been inactive for more than 20 minutes since last request. | ||
| {{:litespeed_wiki:config:recaptcha3.jpg|}} | {{:litespeed_wiki:config:recaptcha3.jpg|}} | ||
| Line 67: | Line 69: | ||
| (''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.) | (''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.) | ||
| + | |||
| + | **NOTE**: In most cases, rewrite rules will override the default server behavior. However, in cases where trigger sensitivity is high, visitors may be sent directly to reCAPTCHA before the rewrite rules can even be processed. | ||
| ===== Customize the Good Bots List ===== | ===== Customize the Good Bots List ===== | ||
| Line 86: | Line 90: | ||
| The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | ||
| - | There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. | + | There are two script tags that are required and it is strongly recommended to avoid changing the form and the ''recaptchadiv'' unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. |
| Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use the LSWS configured type and keys. | Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use the LSWS configured type and keys. | ||
| Line 107: | Line 111: | ||
| Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) | Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) | ||
| + | |||
| + | For example you have max connection set to 1000 , and trigger sensitivity to 20, and currently you have 900 connection , so in that case | ||
| + | |||
| + | 900*100/1000 > 100 - 20 | ||
| + | |||
| + | 90 > 80 | ||
| + | |||
| + | so the incoming connection will get reCAPTCHA test. | ||
| + | |||
| + | and calculates backward , you will see that when connection is under 800, user won't hit reCAPTCHA test. | ||
| + | |||
| ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ||