Configuring CAPTCHA validation using the default form

book

Article ID: 171245

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ASG-S200 ASG-S400 ASG-S500 SG-300 Symantec WebFilter (formerly Blue Coat WebFilter - BCWF) SG-600 Intelligence Services SG-510 SG-810 SG-9000 SG-900 SG-S500 SG-S400 Secure Web Gateway Virtual Appliance SG-S200 ProxySG Software - SGOS SWG VA-100

Issue/Introduction

You can implement a CAPTCHA challenge-response test for specific proxied client requests.

When CAPTCHA validation is implemented on the appliance:

  1. A client makes a request that, according to policy, is subject to CAPTCHA validation.
  2. The browser presents an HTML form including a CAPTCHA image that the user must solve.
  3. A correct response verifies that the request was human-initiated. 
    1.    If the response is incorrect, the form loads a new CAPTCHA image.
    2.    If the response is correct, the browser loads the requested page and the appliance sets a session cookie.

Resolution

Configuring CAPTCHA validation consists of creating the validator and form in the CLI and including them in policy.

  1. Log in to the CLI, and enter configuration mode:
    1. ProxySG#>en
    2. ProxySG##conf t
  2. Create a new validator:
    1. ProxySG#(config)security captcha create-validator mycaptcha
    2. where mycaptcha is the name of the validator.
  3. Include the validator in policy (Local file or VPM CPL layer) using the following action:
    1. validate (mycaptcha)
  4. To prevent recurring CAPTCHA challenges when an already-authenticated user changes hosts within a browsing session, include policy to use a Common Domain Cookie:
    1. validate.mode(<mode>) where <mode> is form-cookie or form-cookie-redirect.
    2. validate.mode(form-cookie )

Note: The CAPTCHA test is not invoked for future requests from the same client and to the same domain until the cookie expires.

For explicit proxy deployment review the following kb-article before configuring CAPTCHA Validation
http://www.symantec.com/docs/TECH245821