As one of the lines of defense against automated bots, the Barracuda Web Application Firewall can issue a challenge in the form of CAPTCHA tests. The Barracuda Web Application Firewall can be configured to issue any one of the following:
CAPTCHA – A challenge is enforced on the client when they are tagged as suspicious. The client is forced to answer a CAPTCHA challenge before accessing the URL space. The suspicious client IP addresses will be tracked for a defined time of 900 seconds.
ReCAPTCHAv2 – A challenge enforced on the client for protecting a website from spam or any other types of automated abuse like BOTS etc. The Barracuda Web Application Firewall uses Google reCAPTCHA, which is an advancement over the classical version of CAPTCHA for protecting websites from spams. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on a client’s site. It also allows all valid clients to pass through with ease.
The Captcha/reCaptcha method Settings section allows the administrator to choose the type of challenge to be enforced on the incoming clients for validation. The incoming clients are challenged with CAPTCHA and reCAPTCHA to find if they are regular browsers, BOTs, or crawlers. The administrator configures a URL space and chooses to have CAPTCHAs issued to all clients who access that URL space, or alternately, issue CAPTCHAs to the clients that are profiled to be suspicious.
reCAPTCHAv3 – An invisible CAPTCHA that returns a score for the request without interpreting with the user. This means that the user has no action to perform during validation. The invisible reCaptcha automatically analyzes and appears only when it realizes the existence of any type of automated abuses like BOTS etc. When a challenge is enforced on the client, it returns a score for the request. The score is based on interactions with your website and enables you to take an appropriate action.
The type of challenge to be presented to the incoming clients for validation is chosen on the BASIC > Services tab. When the reCAPTCHA option is selected, few additional fields are displayed for configuration.
- Domains – Specify the domain to be challenged with selected captcha method
- Site Key – Specify the reCAPTCHA site key for the selected domain
- Site Secret – Specify the reCAPTCHA secret for the selected domain