config load-balance captcha-profile
FortiADC allows administrators to validate incoming users with CAPTCHAs to determine whether a client is a regular user or an attacker. FortiADC can configure the WAF/DoS Policy to issue CAPTCHAs only to clients who meet the attack rules.
Select a FortiADC default captcha profile from within the virtual server configuration or upload a customized captcha page if you want to use your own captcha verification page for when an WAF/DoS attack detected.
Syntax
config load-balance captcha-profile
edit <captcha-profile-name>
set vpath <string>
set max-attempts <integer>
set max-picture-changes <integer>
set max-block-period <integer>
set max-verify-period <integer>
set max-valid-period <integer>
set custom-captcha-page <enable/disable>
set captcha-page-package <file-name>
set picture-difficulty <hard/easy>
end
Parameter | Description |
---|---|
vpath |
Virtual path of captcha function. This path is running on VS, so it will conflict with other configurations like errorpage’s vpath and custom auth page. String type, not empty, maximum length 63, the default value is “/fortiadc_captcha/” |
max-attempts |
Maximum attempts for Captcha verification. Integer type, range 1-100, default 5. The client will be blocked upon exceeding max attempts. |
max-picture-changes |
The maximum number of times you can change another picture. Integer type, range 1-100, default 5. Attempts to change pictures upon exceeding the maximum number of attempts will not be successful. |
picture-difficulty |
There are two difficulty levels that can be selected: easy and hard. Hard level picture may fight AI picture recognition, but may cause difficulty in human identification. Default value is hard. |
max-block-period |
The length of time to block client. Integer type, range 10-2592000, default 86400. Client will be reset to untracked state once time has elapsed. |
max-verify-period |
The longest verification time from captcha verify action start. Unit second, range 20-86400, default 1200. Exceed this time the client will be blocked. |
custom-captcha-page
|
Enable/disable captcha page. The default is disabled. If disabled, the custom captcha package file option won’t be valid. |
captcha-page-package |
File package for the customized captcha page. The file package must include index.html file, and in the index page, it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%”, that we will insert the verify page box on it. Note: This option is only available when custom-captcha-package is enabled. |