Imperva Cyber Community

Expand all | Collapse all


  • 1.  CAPTCHA

    Posted 23 days ago
    Can anyone share how to go about implementing CAPTCHA -

    I have already implemented  ANTI Bot

    shamiel bhikha
    Midrand Johannesburg AL

  • 2.  RE: CAPTCHA

    Imperva Employee
    Posted 23 days ago
    Hi Shamiel,

    On-Prem WAF CAPTCHA works in integration with Google ReCAPTCHA

    To configure CAPTCHA, you need to configure two types of policies:

    • Event based Policy: Defines where and how the CAPTCHA is displayed to end users
    • Enforcement Policy: Block requests from sessions that did not pass the challenge to the protected resources.

    Here are the steps: 

    1. Register with Google reCAPTCHA
    2. Obtain Site and Secret keys, Once you register your website, a Site and Secret keys are generated for you. 
    3. Configure CAPTCHA service parameters on the On-prem WAF GUI . In the main workspace> Click ThreatRadar> under Bot Protection, click CAPTCHA. The CAPTCHA pane appears on the right, and in the Configuration tab you can set some policy parameters, enter Site key and secret keys obtained in previous step.
    4. Configure Event based policy. Go to policies>>CAPTCHA. Configure your invocation settings.
    5. Configure enforcement policy. This is in the form of web service/Application custom policy. In the Match Criteria tab, click the green up arrow next to CAPTCHA Challenge Response and configure the parameters.


    Some important pre-requisites before you begin: 

    • Valid ThreatRadar Bot Protection license
    • Install the latest SecureSphere patch. For integration with Google reCAPTCHA, you must use SecureSphere version 11.5 or higher.
    • Upload the latest ADC content.
    • SecureSphere must be deployed inline, either in Bridge or Reverse Proxy mode.
    • Confirm that Server Group operation mode is Active.
    • Confirm that the SecureSphere Management Server is connected to the internet.

    I hope that helps!

    Mohini Sharma