Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
litespeed_wiki:config:recaptcha [2019/06/14 20:29]
Lisa Clarke [Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules]
litespeed_wiki:config:recaptcha [2019/07/24 20:27]
Jackson Zhang
Line 21: Line 21:
  
  
-When a visitor accesses the website , they will need to go though reCAPTCHA validation ​to protect ​against ​a DDoS attack such as HTTP Flood.+When a visitor accesses the website, they will need to go though reCAPTCHA validation. This validation protects the server ​against HTTP Flood and other DDoS attacks. 
 + 
 +After passing the reCAPTCHA validation, the visitor is temporarily whitelisted as long as they continue to browse the site. This makes for a better user experience. Once the visitor has been inactive for more than 20 minutes, reCAPTCHA is once again enabled for that visitor'​s next request.
  
 {{:​litespeed_wiki:​config:​recaptcha3.jpg|}} {{:​litespeed_wiki:​config:​recaptcha3.jpg|}}
Line 93: Line 95:
  
 ===== Apply Your Own Site Key ===== ===== Apply Your Own Site Key =====
-You can apply your own reCAPTCHA key and adjust the configuration as you like. Client verification is completely determined by Google'​s reCAPTCHA service. The invisible type may display a difficult puzzle.+You can apply your own reCAPTCHA key and adjust the configuration as you like from [[https://​developers.google.com/​recaptcha/​intro|here]]. Client verification is completely determined by Google'​s reCAPTCHA service. The invisible type may display a difficult puzzle.
  
-For server wide protection that needs to cover a lot of domains, make sure ''​Verify the origin of reCAPTCHA''​ solutions is unchecked. Otherwise, you may need to apply a key for each domain.+For server wide protection that needs to cover a lot of domains, make sure ''​Verify the origin of reCAPTCHA''​ solutions is unchecked. Otherwise, you may need to apply a key for each domain. Please refer google doc [[https://​developers.google.com/​recaptcha/​docs/​domain_validation|here]].
  
 ===== Set Trigger Sensitivity ===== ===== Set Trigger Sensitivity =====
Line 109: Line 111:
  
 Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**)
 +
 +For example:
 +
 +If **Max Connections** = ''​1000'',​ **Trigger Sensitivity** = ''​20'',​ and you currently have 900 connections,​ the formula would be evaluated like so:
 +
 +900 * 100 / 1000 > 100 - 20
 +
 +90 > 80 
 +
 +The result is true, so the incoming connection //will// be given a reCAPTCHA test.
 +
 +Calculating backwards, you can see that when the number of connections drops to less than 800, reCAPTCHA will not be invoked.
 +
  
 ===== reCAPTCHA Returning 403 and Dropping Connection ===== ===== reCAPTCHA Returning 403 and Dropping Connection =====
  • Admin
  • Last modified: 2019/08/14 11:44
  • by qtwrk