Protecting Your Site with a Captcha
Web Controls enable you to use pre-defined security and performance rule sets. Rule sets minimize the need to discover, define, and maintain a large number of individual rules. Instead, you can create rule sets that match individual request or response conditions and execute a set of actions predefined in the Webscale Control Panel. Based on the conditions, Web Controls automatically execute a set of pre-defined actions after all conditions are met. Through Web Controls, you can create complex sequences of actions.
A useful action to add to a web control is the Challenge User action. This action will present users that match the Condition specified with a Google ReCaptcha they must solve to prove they are not a bot. A previously validated user is not presented with a challenge. An example of when to use this type of web control is if you are seeing elevated malicious or suspicious behavior on your site, or if you have a list of IPs that you already know to be malicious.
To follow these instructions, log into Webscale Control Panel and click the three vertical dots menu of the application box.
On the menu that appears, click Edit.
Prerequisite
Since you’re setting a Web Control, we recommend reading Creating Web Controls before following these steps.Create the Challenge User Action
Click + Add action to create an action for the new Web Control, which opens the Create Action dialog. To proceed, click Select an Action.
A list of actions is now displayed. Select Challenge User and click the Done button to return to the Edit Web Control screen. Remember that you can add more than one action.
Note:
When the specified Condition is met, the captcha will be presented to every user that meets the condition, and will continue to be presented until the user solves the captcha. The captcha action uses the hostname of the site the user is visiting, the user’s IP address, and the useragent (browser, OS, device) the user is using. If a user matches the conditions of the web control, the web control sets an encrypted cookie containing this information and shows the user a captcha. When the captcha is successfully solved, it updates the cookie to state that the user passed the challenge, and the user will no longer have to solve a captcha. The action then behaves as if it were a Continue action, even if the user continues to match the condition of the Web Control.When a condition is met, then all specified actions are applied to the request. You can only choose one final action. Final actions run last; the order of execution of other actions is unspecified and not necessarily in the order displayed.
Further reading
- Captcha pages in Working with Microsites
- Web Controls
- How to Block Countries from Accessing Your Site
- Editing the Allowlist
- Enabling Bot IP Shield
Have questions not answered here? Please Contact Support to get more help.
Feedback
Was this page helpful?
Glad to hear it! Have any more feedback? Please share it here.
Sorry to hear that. Have any more feedback? Please share it here.