Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:recaptcha [2019/06/14 20:29] Lisa Clarke [Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules] |
litespeed_wiki:config:recaptcha [2019/07/24 20:27] Jackson Zhang |
||
|---|---|---|---|
| Line 21: | Line 21: | ||
| - | When a visitor accesses the website , they will need to go though reCAPTCHA validation to protect against a DDoS attack such as HTTP Flood. | + | When a visitor accesses the website, they will need to go though reCAPTCHA validation. This validation protects the server against HTTP Flood and other DDoS attacks. |
| + | |||
| + | After passing the reCAPTCHA validation, the visitor is temporarily whitelisted as long as they continue to browse the site. This makes for a better user experience. Once the visitor has been inactive for more than 20 minutes, reCAPTCHA is once again enabled for that visitor's next request. | ||
| {{:litespeed_wiki:config:recaptcha3.jpg|}} | {{:litespeed_wiki:config:recaptcha3.jpg|}} | ||
| Line 93: | Line 95: | ||
| ===== Apply Your Own Site Key ===== | ===== Apply Your Own Site Key ===== | ||
| - | You can apply your own reCAPTCHA key and adjust the configuration as you like. Client verification is completely determined by Google's reCAPTCHA service. The invisible type may display a difficult puzzle. | + | You can apply your own reCAPTCHA key and adjust the configuration as you like from [[https://developers.google.com/recaptcha/intro|here]]. Client verification is completely determined by Google's reCAPTCHA service. The invisible type may display a difficult puzzle. |
| - | For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain. | + | For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain. Please refer google doc [[https://developers.google.com/recaptcha/docs/domain_validation|here]]. |
| ===== Set Trigger Sensitivity ===== | ===== Set Trigger Sensitivity ===== | ||
| Line 109: | Line 111: | ||
| Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) | Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**) | ||
| + | |||
| + | For example: | ||
| + | |||
| + | If **Max Connections** = ''1000'', **Trigger Sensitivity** = ''20'', and you currently have 900 connections, the formula would be evaluated like so: | ||
| + | |||
| + | 900 * 100 / 1000 > 100 - 20 | ||
| + | |||
| + | 90 > 80 | ||
| + | |||
| + | The result is true, so the incoming connection //will// be given a reCAPTCHA test. | ||
| + | |||
| + | Calculating backwards, you can see that when the number of connections drops to less than 800, reCAPTCHA will not be invoked. | ||
| + | |||
| ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ===== reCAPTCHA Returning 403 and Dropping Connection ===== | ||