Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
litespeed_wiki:config:recaptcha [2019/01/14 14:38]
qtwrk created
litespeed_wiki:config:recaptcha [2019/03/05 21:18] (current)
Kevin Fwu [Rewrite Rule]
Line 1: Line 1:
-===== reCAPTCHA =====+====== reCAPTCHA ​======
  
-Since LiteSpeed WebServer 5.4RC1, reCAPTCHA ​has been introduced in order to defend from DDoS attack.+As of LiteSpeed WebServer 5.4RC1, reCAPTCHA ​is available as a method of defense against ​DDoS attack.
  
-==== How To Enable ​On Server Level ====+===== How To Enable ​at the Server Level =====
  
-Access ​webadmin ​console ​by https://​YOUR_SERVER_IP:​7080+Access ​the WebAdmin ​console ​via ''<​nowiki>​https://​YOUR_SERVER_IP:​7080 ​</​nowiki>''​
  
-Configuration -> Server -> Security -> reCAPTCHA Protection+Navigate to **Configuration -> Server -> Security -> reCAPTCHA Protection**
  
 {{:​litespeed_wiki:​config:​recaptcha1.jpg|}} {{:​litespeed_wiki:​config:​recaptcha1.jpg|}}
  
  
-Set **Enable reCAPTCHA** to Yes, this is the master switch.+Set **Enable reCAPTCHA** to ''​Yes''​. This is the master switch.
  
-For other options ​please ​hover over the ''?''​ symbol to view detail ​information.+For other optionshover over the ''?''​ symbol to view detailed ​information ​about that option.
  
  
-For demonstration ​purpose this guide will set it to maximum ​sensitivity and type checkbox ​(please ​adjust ​the value according to your needs.), save and restart LSWS.+For demonstration ​purposes, we will set **Trigger Sensitivity** ​to maximum (''​100''​),​ and **reCAPTCHA Type** to ''​Checkbox''​. You  may adjust ​these values ​according to your needs. ​Save and restart LSWS.
  
 {{:​litespeed_wiki:​config:​recaptcha2.jpg|}} {{:​litespeed_wiki:​config:​recaptcha2.jpg|}}
  
  
-When access ​the website , it will need to do reCAPTCHA validation to against DDoS attack such as HTTP Flood.+When a visitor accesses ​the website , they will need to go though ​reCAPTCHA validation to protect ​against ​DDoS attack such as HTTP Flood.
  
 {{:​litespeed_wiki:​config:​recaptcha3.jpg|}} {{:​litespeed_wiki:​config:​recaptcha3.jpg|}}
  
-You can also only enable reCAPTCHA on an individual virtual host that is under attack while leave other websites ​less intruded and distributed.+You can also enable reCAPTCHA on an individual virtual host that is under attackwhile leaving ​other websites ​disabled.
  
-=== How To Enable ​On Vhost Level ===+===== How To Enable ​at the Vhost Level =====
  
-Server level reCAPTCHA must be enable.+Server-level reCAPTCHA must be enabled.
  
-Please note that virtual host level sensitivity will override the server level.+Please note that virtual-host-level sensitivity will override ​the sensitivity set at the server level.
  
-== Rewrite Rule: ==+You can enable virtual-host-level reCAPTCHA through rewrite rules or the WebAdmin console.
  
-using following rewrite rule directive.+==== Rewrite Rule ====
  
-**[E=verifycaptcha]** or **[E=verifycaptchadeny]** ​+Use one of the following rewrite rule directives:
  
-[E=verifycaptcha] ​will always redirect to reCAPTCHA until verified. ​[E=verifycaptcha: ​deny] will redirect to reCAPTCHA until **Max Tries** is reached, ​after which the client will be denied.+''​[E=verifycaptcha]''​ or ''​[E=verifycaptcha: ​ACTION]''​ 
 + 
 +''​[E=verifycaptcha]'' ​will always ​redirect to reCAPTCHA until verified. ''​ACTION''​ can be ''​deny''​ to return a 403 or ''​drop''​ to drop the connection when **Max Tries** ​is reached. Until Max Tries is reached, the client will be redirected to recaptcha.
  
 For example: For example:
  
-<​code>​RewriteCond SOME-CONDITIONAL-CHECK ​(suspicious UA, IP address ...etc)+<​code>​RewriteCond SOME-CONDITIONAL-CHECK
  
 RewriteRule .* - [E=verifycaptcha]</​code>​ RewriteRule .* - [E=verifycaptcha]</​code>​
  
-== LiteSpeed native mode: == +(''​SOME-CONDITIONAL-CHECK''​ would be a suspicious UA, IP address, etc.)
  
-You can also use LSWS webadmin console to enable reCAPTCHA if it is LSWS native mode.+==== LiteSpeed Native Mode ==== 
  
-Configuration -> Virtual Hosts -> Security -> reCAPTCHA Protection+You can also use LSWS WebAdmin console to enable reCAPTCHA in LSWS native mode. 
 + 
 +Navigate to **Configuration -> Virtual Hosts -> Security -> reCAPTCHA Protection**
  
 {{:​litespeed_wiki:​config:​recaptcha4.jpg|}} {{:​litespeed_wiki:​config:​recaptcha4.jpg|}}
  
 +===== Customizing the Good Bots List =====
 +
 +Google bots are considered good bots because they help index your site. However, they cannot do their job properly without receiving the correct page. The Bot Whitelist configuration may be used to specify bots that you may need for your site.
 +
 +{{:​litespeed_wiki:​config:​recaptcha5.png|}}
 +
 +Here, we have configured '​Edge'​ in the Bot Whitelist text area. Bot Whitelist is a '​contains'​ match, but regex may be used as well.
 +
 +After restarting, browsers containing Edge in the user-agent header will bypass recaptcha:
 +
 +{{ :​litespeed_wiki:​config:​recaptcha6.png?​800 |The browser on the left is Microsoft Edge, the browser on the right is Chrome.}}
 +
 +The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to recaptcha as well. This may be useful to prevent bad actors from bypassing recaptcha using a custom user agent.
 +
 +===== Customizing the Recaptcha Page =====
 +
 +The default recaptcha page is generic. If you would like to customize the page, you may do so by creating a file at ''​$SERVER_ROOT/​lsrecaptcha/​_recaptcha_custom.shtml''​.
 +
 +There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the recaptcha type and keys and specify any query string used.
  
 +Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''​.shtml''​ extension is required in order to use the LSWS configured type and keys.
  • Admin
  • Last modified: 2019/01/14 14:38
  • by qtwrk