Imperva Cyber Community

Hi Team,

I have a requirement to provide captcha for specific page if any user accessing the that page for 10 times in 60 seconds need to send captcha challenge, This thing has to happen repeatedly for every 10X  access attempts catpcha need to trigger for user to make sure that is a human.

Here is the rule I have tried.

rate rule:
URL Contains " /example/page1/"  Action "count rate"  context is session.

Security rule:
CustomRate >= {rate-rule;10}  Rule  Action " Required Captcha support"

with above rule : the Captcha is coming for only first 10 request attempts, once we clear the captcha challenge it will not ask for captcha for another 10 continus attempts.

If any experts can help me on this rule would be help ful.

We need a rule that every 10x attempts Captcha need to be produced by context of session/IP address.


#CloudWAF(formerlyIncapsula)

------------------------------
Madhu Gudla
------------------------------

Hi Madhu,

URL Contains " /example/page1/" Action "count rate" context is session.

Security rule:
CustomRate >= {rate-rule;10} Rule Action " Required Captcha support"

In case the block needs to be for the page1 only add following to security rule
CustomRate >= {rate-rule;10}  & URL Contains " /example/page1/" Rule Action " Required Captcha support"

Best way to measure it is to use SEIM logs and the block for page will happen for the sliding window per session chosen in the rate rule.
For more info https://docs.imperva.com/bundle/cloud-application-security/page/rules/rates.htm

Note for non cookie supported bot session definition will be IP. Please reach out to support for more config help.



------------------------------
Abhishek Gupta
Customer Success team
Imperva
------------------------------

Original Message:
Sent: 07-10-2020 20:16
From: Madhu Gudla
Subject: Required to present captcha for rate condition

Hi Team,

I have a requirement to provide captcha for specific page if any user accessing the that page for 10 times in 60 seconds need to send captcha challenge, This thing has to happen repeatedly for every 10X  access attempts catpcha need to trigger for user to make sure that is a human.

Here is the rule I have tried.

rate rule:
URL Contains " /example/page1/"  Action "count rate"  context is session.

Security rule:
CustomRate >= {rate-rule;10}  Rule  Action " Required Captcha support"

with above rule : the Captcha is coming for only first 10 request attempts, once we clear the captcha challenge it will not ask for captcha for another 10 continus attempts.

If any experts can help me on this rule would be help ful.

We need a rule that every 10x attempts Captcha need to be produced by context of session/IP address.


#CloudWAF(formerlyIncapsula)

------------------------------
Madhu Gudla
------------------------------