Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Configuring Captcha

FortiADC allows administrators to validate incoming users with CAPTCHAs to determine whether a client is a regular user or an attacker. FortiADC can configure the WAF/DoS Policy to issue CAPTCHAs only to clients who meet the attack rules.

Select a FortiADC default captcha profile from within the virtual server configuration or upload a customized captcha page if you want to use your own captcha verification page for when an WAF/DoS attack detected.

Before you begin:

  • You must have Read-Write permission for Server Load Balance settings.
  • Copy the captcha file to a location you can reach from your browser; the captcha file must be named
  • index.html it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%” and be compressed as tar, tar.gz, or zip file. The maximum file size is 1 MB.
To upload a Captcha page file:
  1. Go to Server Load Balance > Application Resources.
  2. Click the Captcha tab.
  3. Click Create New to display the configuration editor.
  4. Enter the name of the captcha. You will use this name to select the captcha profile in virtual server configurations. No spaces.
  5. Toggle the Customized Captcha Page and then click Choose File and browse and select the captcha page tar, tar.gz, or zip file. The maximum file size is 1MB.
  6. Save the configuration.
Captcha Configuration

Parameter

Description

Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces are allowed. Maximum length 63. Note: After you initially save the configuration, you cannot edit the name.

Virtual Path

Virtual path of captcha function. This path is running on VS, so it will conflict with other configurations like errorpage’s vpath and custom auth page. String type, not empty, maximum length 63, the default value is “/fortiadc_captcha/”
Max Attempts Maximum attempts for Captcha verification. Integer type, range 1-100, default 5. The client will be blocked upon exceeding max attempts.
Max Picture Changes The maximum number of times you can change another picture. Integer type, range 1- 100, default 5. Exceed change times change picture action won’t success.
Picture Difficulty There are two difficulty level here can be selected, hard and easy. hard level picture may fight AI picture recognition, but may cause difficulty in human identification. Default value is hard.
Max Block Period Once client is blocked, how long it will be blocked. Integer type, range 10-2592000, default 86400. Exceed this time client will be reset to untracked state.
Max Verify Period The longest verification time from captcha verify action start. Unit second, range 20- 86400, default 1200. Exceed this time the client will be blocked.

Customized Captcha Page

Switch for customize captcha page, default disable. If disable, the custom captcha package file option won’t valid.

File

File package for customize captcha page. Click ‘Choose File’ to upload.

The file package must include index.html file, and in the index page, it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%”, that we will insert the verify page box on it.

Note: This option is only available when the ‘Customized Captcha Page’ is enabled.

Configuring Captcha

FortiADC allows administrators to validate incoming users with CAPTCHAs to determine whether a client is a regular user or an attacker. FortiADC can configure the WAF/DoS Policy to issue CAPTCHAs only to clients who meet the attack rules.

Select a FortiADC default captcha profile from within the virtual server configuration or upload a customized captcha page if you want to use your own captcha verification page for when an WAF/DoS attack detected.

Before you begin:

  • You must have Read-Write permission for Server Load Balance settings.
  • Copy the captcha file to a location you can reach from your browser; the captcha file must be named
  • index.html it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%” and be compressed as tar, tar.gz, or zip file. The maximum file size is 1 MB.
To upload a Captcha page file:
  1. Go to Server Load Balance > Application Resources.
  2. Click the Captcha tab.
  3. Click Create New to display the configuration editor.
  4. Enter the name of the captcha. You will use this name to select the captcha profile in virtual server configurations. No spaces.
  5. Toggle the Customized Captcha Page and then click Choose File and browse and select the captcha page tar, tar.gz, or zip file. The maximum file size is 1MB.
  6. Save the configuration.
Captcha Configuration

Parameter

Description

Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces are allowed. Maximum length 63. Note: After you initially save the configuration, you cannot edit the name.

Virtual Path

Virtual path of captcha function. This path is running on VS, so it will conflict with other configurations like errorpage’s vpath and custom auth page. String type, not empty, maximum length 63, the default value is “/fortiadc_captcha/”
Max Attempts Maximum attempts for Captcha verification. Integer type, range 1-100, default 5. The client will be blocked upon exceeding max attempts.
Max Picture Changes The maximum number of times you can change another picture. Integer type, range 1- 100, default 5. Exceed change times change picture action won’t success.
Picture Difficulty There are two difficulty level here can be selected, hard and easy. hard level picture may fight AI picture recognition, but may cause difficulty in human identification. Default value is hard.
Max Block Period Once client is blocked, how long it will be blocked. Integer type, range 10-2592000, default 86400. Exceed this time client will be reset to untracked state.
Max Verify Period The longest verification time from captcha verify action start. Unit second, range 20- 86400, default 1200. Exceed this time the client will be blocked.

Customized Captcha Page

Switch for customize captcha page, default disable. If disable, the custom captcha package file option won’t valid.

File

File package for customize captcha page. Click ‘Choose File’ to upload.

The file package must include index.html file, and in the index page, it must include a tag called “%%FORTIADC_CAPTCHA_IFRAME%%”, that we will insert the verify page box on it.

Note: This option is only available when the ‘Customized Captcha Page’ is enabled.