Configuring CAPTCHA validation using the default form
search cancel

Configuring CAPTCHA validation using the default form


Article ID: 171245


Updated On:


Advanced Secure Gateway Software - ASG ASG-S200 ASG-S400 ASG-S500 SG-300 Symantec WebFilter (formerly Blue Coat WebFilter - BCWF) SG-600 Intelligence Services SG-510 SG-810 SG-9000 SG-900 SG-S500 SG-S400 Secure Web Gateway Virtual Appliance SG-S200 ProxySG Software - SGOS SWG VA-100


You can implement a CAPTCHA challenge-response test for specific proxied client requests.

When CAPTCHA validation is implemented on the appliance:

  1. A client makes a request that, according to policy, is subject to CAPTCHA validation.
  2. The browser presents an HTML form including a CAPTCHA image that the user must solve.
  3. A correct response verifies that the request was human-initiated. 
    1.    If the response is incorrect, the form loads a new CAPTCHA image.
    2.    If the response is correct, the browser loads the requested page and the appliance sets a session cookie.


Configuring CAPTCHA validation consists of creating the validator and form in the CLI and including them in policy.

  1. Log in to the CLI, and enter configuration mode:
    1. ProxySG#>en
    2. ProxySG##conf t
  2. Create a new validator:
    1. ProxySG#(config)security captcha create-validator mycaptcha
    2. where mycaptcha is the name of the validator.
  3. Include the validator in policy (Local file or VPM CPL layer) using the following action:
    1. validate (mycaptcha)
  4. To prevent recurring CAPTCHA challenges when an already-authenticated user changes hosts within a browsing session, include policy to use a Common Domain Cookie:
    1. validate.mode(<mode>) where <mode> is form-cookie or form-cookie-redirect.
    2. validate.mode(form-cookie )

Note: The CAPTCHA test is not invoked for future requests from the same client and to the same domain until the cookie expires.

For explicit proxy deployment review the following kb-article before configuring CAPTCHA Validation