Web pages can't load content from third-party domains when CAPTCHA policy exists on ProxySG appliance
book
Article ID: 169030
calendar_today
Updated On:
Products
Data Center Security Monitoring EditionProxySG Software - SGOS
Issue/Introduction
When ProxySG policy includes rules that invoke CAPTCHA validation for client requests for uncategorized URLs, some web pages can't load content from third-party domains. For example, some images links are broken, web page formatting is missing, or users cannot interact with certain web page elements.
Note: CAPTCHA policy was introduced in SGOS 6.6.4. Refer to the SGOS Administration Guide and the Content Policy Language Reference for details.
Cause
When users solve a CAPTCHA challenge, the web page and any inline content—such as CSS, JavaScript, and images—that is loaded from the origin domain is allowed; however, a web page might also load inline content from a third-party domain. The third-party domain cannot present the validation form for user input; thus, if that domain is a policy match (that is, it is uncategorized), the web page cannot load the inline elements.
Resolution
If you write CAPTCHA policy for URLs that link to inline content from uncategorized third-party domains, use validate.mode(form-cookie-redirect). Otherwise, the default form-cookie mode is used. Refer to the following example:
; for URLs where the content filter cannot determine the category, ; use specified validator and form-cookie-redirect auth mode <Proxy> category=unavailable validate(CAPTCHA_1) validate.mode(form-cookie-redirect)