We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Protection Mechanisms

  • Last updated on

The approach taken by the Barracuda Web Application Firewall to defeat bots is to use Completely Automated Public Turing test to tell Computers and Humans Apart(CAPTCHAs) and ReCaptcha.

Captcha – a challenge is enforced on the client when they are tagged as suspicious. The client is forced to answer a CAPTCHA challenge before accessing the URL space. The suspicious client IP addresses will be tracked for a defined time of 900 seconds.

ReCaptcha – a challenge enforced on the client for protecting a website from a spam or any other types of automated abuse like BOTS etc. Barracuda WAF uses Google reCAPTCHA which is an advancement over classical version of CAPTCHAs for protecting websites from spams. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on client’s site. It also allows all valid clients to pass through with ease.

The Captcha/reCaptcha method Settings section allows the administrator to choose the type of challenge to be enforced on the incoming clients for validation. The incoming clients are challenged with CAPTCHA and reCAPTCHA  to find if they are regular browsers, or BOTs, or crawlers. The administrator configures a URL space and choose to have CAPTCHAs issued to all clients who access that URL space, or alternately, issue CAPTCHAs to the clients which are profiled to be suspicious.

The type of challenge to be presented to the incoming clients for validation is chosen on the BASIC > Services tab . When the reCAPTCHA option is selected, few additional fields are displayed for configuration.

The administrator should generate a unique key-pair (a site key and a site secret) specific to the website at following link “Sign up for an API key pair”. The key pair consists of a site key and a secret key. The site key is used to invoke reCAPTCHA service for the website and the secret key authorizes communication between the client and the website. The secret key must be kept safe for security purposes.

  • Domains – Specify the domain to be challenged with selected captcha method
  • Site Key – Specify the reCAPTCHA site key for the selected domain
  • Site Secret – Specify the reCAPTCHA secret for the selected domain
Last updated on