Web pages can't load content from third-party domains when CAPTCHA policy exists on a ProxySG appliance


Article ID: 169030


Products

Data Center Security Monitoring Edition, ProxySG Software - SGOS

Issue/Introduction

When ProxySG policy includes rules that invoke CAPTCHA validation for client requests for uncategorized URLs, some web pages can't load content from third-party domains. For example, some image links are broken, web page formatting is missing, or users cannot interact with certain web page elements.

Note: CAPTCHA policy was introduced in SGOS 6.6.4. Refer to the SGOS Administration Guide and the Content Policy Language Reference for details.

Cause

When users solve a CAPTCHA challenge, the web page and any inline content—such as CSS, JavaScript, and images—that is loaded from the origin domain is allowed; however, a web page might also load inline content from a third-party domain. The third-party domain cannot present the validation form for user input; thus, if that domain is a policy match (that is, it is uncategorized), the web page cannot load the inline elements.
 

Resolution

If you write CAPTCHA policy for URLs that link to inline content from uncategorized third-party domains, use validate.mode(form-cookie-redirect). Otherwise, the default form-cookie mode is used. Refer to the following example:

; for URLs where the content filter cannot determine the category,
; use specified validator and form-cookie-redirect auth mode
<Proxy>
  category=unavailable validate(CAPTCHA_1) validate.mode(form-cookie-redirect)
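
To see which pages are exposed to the behavior described under Cause, the following Python helper (an added example, not part of the original article or of SGOS) lists the hosts, other than the page's own, from which a page's HTML loads inline content. The tag list, the exact-host comparison (a sibling subdomain counts as third-party here) and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose attribute triggers an inline fetch (assumed, non-exhaustive list).
INLINE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}
# A <link> is fetched inline only for these rel values (assumption).
INLINE_LINK_RELS = {"stylesheet", "icon", "preload"}


class InlineCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []  # absolute URLs of inline content

    def handle_starttag(self, tag, attrs):
        attr = INLINE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & INLINE_LINK_RELS:
                return  # e.g. rel=canonical is never fetched
        if attrs.get(attr):
            self.urls.append(urljoin(self.page_url, attrs[attr]))


def third_party_hosts(page_url, html):
    """Return the sorted hosts of inline content not served by the page's host."""
    origin = urlsplit(page_url).hostname
    collector = InlineCollector(page_url)
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        parts = urlsplit(url)
        # Skip data: URIs and anything served by the origin host itself.
        if parts.scheme in ("http", "https") and parts.hostname not in (None, origin):
            hosts.add(parts.hostname)
    return sorted(hosts)


# Constructed sample page; all hosts are placeholders.
SAMPLE_URL = "https://news.example/story"
SAMPLE_HTML = """<link rel="stylesheet" href="https://cdn.example.net/site.css">
<link rel="canonical" href="https://other.example.org/story">
<script src="//static.example.com/app.js"></script>
<img src="/img/logo.png"><img src="data:image/png;base64,AAAA">
<a href="https://ads.example.org/click">ad</a>"""

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_URL, SAMPLE_HTML))
```

Any host in the output that the content filter cannot categorize is one the page would fail to load content from under the default form-cookie mode.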