To implement reCAPTCHA Enforcement in security modules such as Threshold Based Detection and Bot Detection, you need to create a reCAPTCHA server that FortiWeb uses to perform bot confirmation with Google reCAPTCHA service
reCAPTCHA is a third-party service and developed by Google. It uses adaptive challenges to confirm whether the client is a bot or not. To execute reCAPTCHA check, FortiWeb needs the site key and secret key information so that it can communicates with the reCAPTCHA service on behalf of your application server.
To add a reCAPTCHA server:
- The reCAPTCHA Server tab is hidden by default. Go to System > Config > Feature Visibility to enable it.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
- Go to User > Remote Server and select the reCAPTCHA server tab.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Auth Users category. For details, see Permissions.
- Click Create New.
- Enter a name for this reCAPTCHA server. You can reference it in the security modules which support reCAPTCHA check.
- Select the type of the reCAPTCHA service you have registered in Google.
- Enter the site key and secret key.
- Click OK.