Differences
This shows you the differences between two versions of the page.
| Last revision Both sides next revision | |||
|
litespeed_wiki:lslb:recaptcha [2019/05/17 16:05] qtwrk created |
litespeed_wiki:lslb:recaptcha [2019/05/17 18:43] Lisa Clarke Copyediting |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== reCAPTCHA ====== | + | ====== reCAPTCHA with LiteSpeed Web ADC ====== |
| - | As of LiteSpeed ADC 2.4, reCAPTCHA is available as a method of defense against DDoS attack | + | As of LiteSpeed ADC 2.4, reCAPTCHA is available as a method of defense against DDoS attack. |
| ===== How To Enable at the Server Level ===== | ===== How To Enable at the Server Level ===== | ||
| Line 7: | Line 7: | ||
| Access the WebAdmin console via ''<nowiki>https://YOUR_SERVER_IP:7090 </nowiki>'' | Access the WebAdmin console via ''<nowiki>https://YOUR_SERVER_IP:7090 </nowiki>'' | ||
| - | Navigate to **Configuration -> Server -> Security -> reCAPTCHA Protection** | + | Navigate to **Configuration > Server > Security > reCAPTCHA Protection** |
| {{:litespeed_wiki:lslb:adc-recaptcha1.jpg|}} | {{:litespeed_wiki:lslb:adc-recaptcha1.jpg|}} | ||
| - | Set **Enable reCAPTCHA** to ''Yes''. This is the master switch and it is required for enabling in vhost level. | + | Set **Enable reCAPTCHA** to ''Yes''. This is the master switch and it is required for enabling at the vhost level. |
| For other options, hover over the ''?'' symbol to view detailed information about that option. | For other options, hover over the ''?'' symbol to view detailed information about that option. | ||
| - | Unlike LSWS, there is no sensitivity options for ADC, as an equivalent, it is determinated by concurrent connection level, reCAPTCHA will be activated once concurrent requests count reaches the configured connection limit. | + | Unlike LSWS, there are no sensitivity options for ADC. As an equivalent, it is determined by concurrent connection level. reCAPTCHA will be activated once concurrent requests count reaches the configured connection limit. |
| ===== How To Enable at the Virtual Host Level ===== | ===== How To Enable at the Virtual Host Level ===== | ||
| Line 28: | Line 28: | ||
| ==== Enable reCAPTCHA For Virtual Hosts Through Rewrite Rules ==== | ==== Enable reCAPTCHA For Virtual Hosts Through Rewrite Rules ==== | ||
| - | Use one of the following rewrite rule directives in LiteSpeed ADC vhost rewite rule tab. | + | From the Virtual Host configuration screen, navigate to **Rewrite**, set **Enable Rewrite** to ''Yes'' and enter either the ''[E=verifycaptcha]'' or ''[E=verifycaptcha: ACTION]'' directive: |
| {{:litespeed_wiki:lslb:adc-recaptcha2.png|}} | {{:litespeed_wiki:lslb:adc-recaptcha2.png|}} | ||
| - | |||
| - | |||
| - | ''[E=verifycaptcha]'' or ''[E=verifycaptcha: ACTION]'' | ||
| ''[E=verifycaptcha]'' will always redirect to reCAPTCHA until verified. ''ACTION'' can be ''deny'' to return a 403 or ''drop'' to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to reCAPTCHA. | ''[E=verifycaptcha]'' will always redirect to reCAPTCHA until verified. ''ACTION'' can be ''deny'' to return a 403 or ''drop'' to drop the connection when **Max Tries** is reached. Until Max Tries is reached, the client will be redirected to reCAPTCHA. | ||
| Line 40: | Line 37: | ||
| <code>RewriteCond SOME-CONDITIONAL-CHECK | <code>RewriteCond SOME-CONDITIONAL-CHECK | ||
| - | |||
| RewriteRule .* - [E=verifycaptcha]</code> | RewriteRule .* - [E=verifycaptcha]</code> | ||
| Line 49: | Line 45: | ||
| You can also use LiteSpeed ADC WebAdmin console to enable reCAPTCHA. | You can also use LiteSpeed ADC WebAdmin console to enable reCAPTCHA. | ||
| - | Navigate to **Configuration -> Virtual Hosts -> Security -> reCAPTCHA Protection** | + | Navigate to **Configuration > Virtual Hosts > Security** and set **reCAPTCHA Protection** to ''Yes''. |
| {{:litespeed_wiki:lslb:adc-recaptcha3.jpg|}} | {{:litespeed_wiki:lslb:adc-recaptcha3.jpg|}} | ||
| Line 56: | Line 52: | ||
| ===== Customizing the Good Bots List ===== | ===== Customizing the Good Bots List ===== | ||
| - | Google bots are considered good bots because they help index your site. However, they cannot do their job properly without receiving the correct page. The Bot Whitelist configuration may be used to specify bots that you may need for your site. | + | Google bots are considered good bots because they help index your site. However, they cannot do their job properly without receiving the correct page. The **Bot White List** configuration may be used to specify bots that you may need for your site. |
| {{:litespeed_wiki:lslb:adc-recaptcha4.jpg|}} | {{:litespeed_wiki:lslb:adc-recaptcha4.jpg|}} | ||
| - | Here, we have configured 'Edge' in the Bot Whitelist text area. Bot Whitelist is a ''contains'' match, but regex may be used as well. | + | Here, we have configured ''Edge'' in the **Bot White List** text area. Bot White List is a ''contains'' match, but regex may be used as well. |
| - | After restarting, browsers containing Edge in the user-agent header will bypass reCAPTCHA: | + | After restarting, browsers containing "Edge" in the user-agent header will bypass reCAPTCHA: |
| {{ :litespeed_wiki:config:recaptcha6.png?800 |The browser on the left is Microsoft Edge, the browser on the right is Chrome.}} | {{ :litespeed_wiki:config:recaptcha6.png?800 |The browser on the left is Microsoft Edge, the browser on the right is Chrome.}} | ||
| - | The Allowed Bot Hits configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to reCAPTCHA as well. This may be useful to prevent bad actors from bypassing reCAPTCHA using a custom user agent. | + | The **Allowed Robot Hits** configuration may be used to limit how many times a good bot (including Googlebot) is allowed to hit a URL before it is redirected to reCAPTCHA as well. This may be useful to prevent bad actors from bypassing reCAPTCHA using a custom user agent. |
| ===== Customizing the reCAPTCHA Page ===== | ===== Customizing the reCAPTCHA Page ===== | ||
| Line 72: | Line 68: | ||
| The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | The default reCAPTCHA page is generic. If you would like to customize the page, you may do so by creating a file at ''$SERVER_ROOT/lsrecaptcha/_recaptcha_custom.shtml''. | ||
| - | There are two script tags that are required and it is strongly recommended to avoid changing the form and the recaptchadiv unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. | + | There are two script tags that are required and it is strongly recommended to avoid changing the ''form'' and the ''recaptchadiv'' unless you know what you are doing. There are three echos within the page itself. Those are used by the web server to customize the reCAPTCHA type and keys and specify any query string used. |
| Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use configured type and keys. | Beyond those required attributes, everything else is customizable. As noted before, please ensure that you have backups of the default page and your customized page. Note that the ''.shtml'' extension is required in order to use configured type and keys. | ||