Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config load-balance captcha-profile

FortiADC allows administrators to validate incoming users with CAPTCHAs to determine whether a client is a regular user or an attacker. FortiADC can configure the WAF/DoS Policy to issue CAPTCHAs only to clients who meet the attack rules.

Select a FortiADC default captcha profile from within the virtual server configuration or upload a customized captcha page if you want to use your own captcha verification page for when an WAF/DoS attack detected.

Syntax

config load-balance captcha-profile

edit <captcha-profile-name>

set vpath <string>

set max-attempts <integer>

set max-picture-changes <integer>

set max-block-period <integer>

set max-verify-period <integer>

set max-valid-period <integer>

set custom-captcha-page <enable/disable>

set captcha-page-package <file-name>

set picture-difficulty <hard/easy>

end

Paramter

Description

vpath

Virtual path of captcha function. This path is running on VS, so it will conflict with other configurations like errorpage’s vpath and custom auth page. String type, not empty, maximum length 63, the default value is “/fortiadc_captcha/”

max-attempts

Maximum attempts for Captcha verification. Integer type, range 1-100, default 5. The client will be blocked upon exceeding max attempts.

max-picture-changes

The maximum number of times you can change another picture. Integer type, range 1-100, default 5. Attempts to change pictures upon exceeding the maximum number of attempts will not be successful.

picture-difficulty

There are two difficulty levels that can be selected: easy and hard.

Hard level picture may fight AI picture recognition, but may cause difficulty in human identification. Default value is hard.

max-block-period

The length of time to block client.

Integer type, range 10-2592000, default 86400. Client will be reset to untracked state once time has elapsed.

max-verify-period

The longest verification time from captcha verify action start. Unit second, range 20-86400, default 1200. Exceed this time the client will be blocked.

custom-captcha-page

Enable/disable captcha page. The default is disabled. If disabled, the custom captcha package file option won’t be valid.

captcha-page-package

File package for the customized captcha page.

The file package must include index.html file, and in the index page, it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%”, that we will insert the verify page box on it.

Note: This option is only available when custom-captcha-package is enabled.

config load-balance captcha-profile

FortiADC allows administrators to validate incoming users with CAPTCHAs to determine whether a client is a regular user or an attacker. FortiADC can configure the WAF/DoS Policy to issue CAPTCHAs only to clients who meet the attack rules.

Select a FortiADC default captcha profile from within the virtual server configuration or upload a customized captcha page if you want to use your own captcha verification page for when an WAF/DoS attack detected.

Syntax

config load-balance captcha-profile

edit <captcha-profile-name>

set vpath <string>

set max-attempts <integer>

set max-picture-changes <integer>

set max-block-period <integer>

set max-verify-period <integer>

set max-valid-period <integer>

set custom-captcha-page <enable/disable>

set captcha-page-package <file-name>

set picture-difficulty <hard/easy>

end

Paramter

Description

vpath

Virtual path of captcha function. This path is running on VS, so it will conflict with other configurations like errorpage’s vpath and custom auth page. String type, not empty, maximum length 63, the default value is “/fortiadc_captcha/”

max-attempts

Maximum attempts for Captcha verification. Integer type, range 1-100, default 5. The client will be blocked upon exceeding max attempts.

max-picture-changes

The maximum number of times you can change another picture. Integer type, range 1-100, default 5. Attempts to change pictures upon exceeding the maximum number of attempts will not be successful.

picture-difficulty

There are two difficulty levels that can be selected: easy and hard.

Hard level picture may fight AI picture recognition, but may cause difficulty in human identification. Default value is hard.

max-block-period

The length of time to block client.

Integer type, range 10-2592000, default 86400. Client will be reset to untracked state once time has elapsed.

max-verify-period

The longest verification time from captcha verify action start. Unit second, range 20-86400, default 1200. Exceed this time the client will be blocked.

custom-captcha-page

Enable/disable captcha page. The default is disabled. If disabled, the custom captcha package file option won’t be valid.

captcha-page-package

File package for the customized captcha page.

The file package must include index.html file, and in the index page, it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%”, that we will insert the verify page box on it.

Note: This option is only available when custom-captcha-package is enabled.