Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:config:recaptcha [2019/07/08 18:34]
qtwrk
+++ litespeed_wiki:config:recaptcha [2019/09/23 14:25]
Jackson Zhang [Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules]
@@ Line 21: / Line 21: @@
-When a visitor accesses the website , they will need to go though reCAPTCHA validation to protect against a DDoS attack such as HTTP Flood.
+When a visitor accesses the website, they will need to go though reCAPTCHA validation. This validation protects the server against HTTP Flood and other DDoS attacks.
-Once visitor successfully passed reCAPTCHA, there will be about 20 minutes of white-list time, which means if this user continues browser the site, it won't hit reCATPCHA again for better user experience, unless visitor has been inactive for more than 20 minutes since last request.
+After passing the reCAPTCHA validation, the visitor is temporarily whitelisted as long as they continue to browse the site. This makes for a better user experience. Once the visitor has been inactive for more than 20 minutes, reCAPTCHA is once again enabled for that visitor's next request.
 {{:litespeed_wiki:config:recaptcha3.jpg|}}
@@ Line 54: / Line 54: @@
-===== Advanced Configuration: Define reCAPTCHA Actions Through Rewrite Rules =====
+===== End-user can define reCAPTCHA Actions Through Rewrite Rules in .htaccess =====
+If Server System Admin would like the end-user to control/enable reCAPTCHA through .htaccess, System Admin will need to enable reCAPTCHA from server level globally and set server sensitivity to ''0'' first.
-If you want to further define the reCAPTCHA action as ''deny'' or ''drop'', you can use one of the following rewrite rule directives in control panel virtual host document root .htaccess:
+''[E=verifycaptcha]'' can be used to enable reCAPTCHA to override server-level ''0'' sensitivity.
-''[E=verifycaptcha]'' or ''[E=verifycaptcha: ACTION]''
+For example:
+<code>
+<IfModule LiteSpeed>
+RewriteCond SOME-CONDITIONAL-CHECK
+RewriteRule .* - [E=verifycaptcha]
+</IfModule>
+</code>
+(''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.)
-''[E=verifycaptcha]'' will always redirect to reCAPTCHA until verified. ''ACTION'' can be ''deny'' to return a 403 or ''drop'' to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to reCAPTCHA.
+The end user can even further define the reCAPTCHA action as ''deny'' or ''drop'' in .htaccess through ''[E=verifycaptcha: ACTION]''
 For example:
+<code>
+<IfModule LiteSpeed>
+RewriteCond SOME-CONDITIONAL-CHECK
+RewriteRule .* - [E=verifycaptcha: deny]
+</IfModule>
+</code>
-<code>RewriteCond SOME-CONDITIONAL-CHECK
+or
-RewriteRule .* - [E=verifycaptcha]</code>
+<code>
+<IfModule LiteSpeed>
+RewriteCond SOME-CONDITIONAL-CHECK
+RewriteRule .* - [E=verifycaptcha: drop]
+</IfModule>
+</code>
-(''SOME-CONDITIONAL-CHECK'' would be a suspicious UA, IP address, etc.)
+**NOTE1**''[E=verifycaptcha]'' will always redirect to reCAPTCHA until verified. ''ACTION'' can be ''deny'' to return a 403 or ''drop'' to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to reCAPTCHA.
-**NOTE**: In most cases, rewrite rules will override the default server behavior. However, in cases where trigger sensitivity is high, visitors may be sent directly to reCAPTCHA before the rewrite rules can even be processed.
+**NOTE2**: In most cases, rewrite rules will override the default server behavior. However, in cases where trigger sensitivity is high, visitors may be sent directly to reCAPTCHA before the rewrite rules can even be processed.
 ===== Customize the Good Bots List =====
@@ Line 78: / Line 99: @@
 {{:litespeed_wiki:config:recaptcha5.png|}}
-Here, we have configured 'Edge' in the Bot Whitelist text area. Bot Whitelist is a 'contains' match, but regex may be used as well.
+Here, we have configured ''Edge'' in the Bot Whitelist text area. Bot Whitelist is a ''contains'' match (case sensitive), but regex may be used as well.
 After restarting, browsers containing Edge in the user-agent header will bypass reCAPTCHA:
@@ Line 95: / Line 116: @@
 ===== Apply Your Own Site Key =====
-You can apply your own reCAPTCHA key and adjust the configuration as you like. Client verification is completely determined by Google's reCAPTCHA service. The invisible type may display a difficult puzzle.
+You can apply your own reCAPTCHA key and adjust the configuration as you like from [[https://developers.google.com/recaptcha/intro|here]]. Client verification is completely determined by Google's reCAPTCHA service. The invisible type may display a difficult puzzle.
-For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain.
+For server wide protection that needs to cover a lot of domains, make sure ''Verify the origin of reCAPTCHA'' solutions is unchecked. Otherwise, you may need to apply a key for each domain. Please refer to google doc [[https://developers.google.com/recaptcha/docs/domain_validation|here]].
 ===== Set Trigger Sensitivity =====
@@ Line 112: / Line 133: @@
 Active connections * 100 / **Max Connections** > (100 - **Trigger Sensitivity**)
-For example you have max connection set to 1000 , and trigger sensitivity to 20, and currently you have 900 connection , so in that case
+For example:
+If **Max Connections** = ''1000'', **Trigger Sensitivity** = ''20'', and you currently have 900 connections, the formula would be evaluated like so:
-*100/1000 > 100 - 20
+* 100 / 1000 > 100 - 20
 > 80
-so the incoming connection will get reCAPTCHA test.
+The result is true, so the incoming connection //will// be given a reCAPTCHA test.
-and calculates backward , you will see that when connection is under 800, user won't hit reCAPTCHA test.
+Calculating backwards, you can see that when the number of connections drops to less than 800, reCAPTCHA will not be invoked.