Web pages can't load content from third-party domains when CAPTCHA policy exists on ProxySG appliance


Article ID: 169030




Data Center Security Monitoring Edition, ProxySG Software - SGOS


When ProxySG policy includes rules that invoke CAPTCHA validation for client requests for uncategorized URLs, some web pages can't load content from third-party domains. For example, some image links are broken, web page formatting is missing, or users cannot interact with certain web page elements.

Note: CAPTCHA policy was introduced in SGOS 6.6.4. Refer to the SGOS Administration Guide and the Content Policy Language Reference for details.


When users solve a CAPTCHA challenge, the web page and any inline content—such as CSS, JavaScript, and images—that is loaded from the origin domain is allowed; however, a web page might also load inline content from a third-party domain. The third-party domain cannot present the validation form for user input; thus, if that domain is a policy match (that is, it is uncategorized), the web page cannot load the inline elements.


If you write CAPTCHA policy for URLs that link to inline content from uncategorized third-party domains, use validate.mode(form-cookie-redirect). Otherwise, the default form-cookie mode is used. Refer to the following example:

; for URLs where the content filter cannot determine the category,
; use specified validator and form-cookie-redirect auth mode
  category=unavailable validate(CAPTCHA_1) validate.mode(form-cookie-redirect)
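
To see which third-party hosts a page pulls inline content from, and so which domains need a category check when elements fail to load, the following added example (not part of the original article or of SGOS) parses a saved copy of the page. It assumes "third-party" means any hostname other than the page's own; the sample page and all hostnames are constructed, and the optional `categorized` list is supplied by the administrator rather than looked up.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch inline content.
INLINE_ATTRS = {"img": "src", "script": "src", "link": "href", "iframe": "src"}

class InlineCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(INLINE_ATTRS.get(tag, ""))
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # skip canonical/alternate links; only CSS is fetched inline
        if value:
            self.urls.append(urljoin(self.page_url, value))

def third_party_hosts(page_url, html, categorized=()):
    """Map each non-origin host to its inline URLs; skip hosts in `categorized`."""
    origin = urlsplit(page_url).hostname
    known = {h.lower() for h in categorized}
    collector = InlineCollector(page_url)
    collector.feed(html)
    hosts = {}
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # data: URIs and similar never reach the proxy
        if parts.hostname != origin and parts.hostname not in known:
            hosts.setdefault(parts.hostname, []).append(url)
    return hosts

# Constructed sample page; all hostnames are placeholders.
SAMPLE_URL = "https://www.example.com/news/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://static.cdn-one.test/theme.css">
<link rel="canonical" href="https://other.example.org/page">
<script src="//widgets.cdn-two.test/app.js"></script></head><body>
<img src="img/logo.png"><img src="https://static.cdn-one.test/banner.png">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<a href="https://links.example.net/">a plain link, not inline content</a>
</body></html>"""

if __name__ == "__main__":
    for host, urls in third_party_hosts(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{host}: {len(urls)} inline request(s)")
```

Each host it reports is a candidate for the broken elements described above if the content filter cannot categorize it.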