The approach taken by the Barracuda Web Application Firewall to defeat bots is to use Completely Automated Public Turing test to tell Computers and Humans Apart(CAPTCHAs) and ReCaptcha.
Captcha – a challenge is enforced on the client when they are tagged as suspicious. The client is forced to answer a CAPTCHA challenge before accessing the URL space. The suspicious client IP addresses will be tracked for a defined time of 900 seconds.
ReCaptcha – a challenge enforced on the client for protecting a website from a spam or any other types of automated abuse like BOTS etc. Barracuda WAF uses Google reCAPTCHA which is an advancement over classical version of CAPTCHAs for protecting websites from spams. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on client’s site. It also allows all valid clients to pass through with ease.
The Captcha/reCaptcha method Settings section allows the administrator to choose the type of challenge to be enforced on the incoming clients for validation. The incoming clients are challenged with CAPTCHA and reCAPTCHA to find if they are regular browsers, or BOTs, or crawlers. The administrator configures a URL space and choose to have CAPTCHAs issued to all clients who access that URL space, or alternately, issue CAPTCHAs to the clients which are profiled to be suspicious.
The type of challenge to be presented to the incoming clients for validation is chosen on the BASIC > Services tab . When the reCAPTCHA option is selected, few additional fields are displayed for configuration.
- Domains – Specify the domain to be challenged with selected captcha method
- Site Key – Specify the reCAPTCHA site key for the selected domain
- Site Secret – Specify the reCAPTCHA secret for the selected domain