# Enable CAPTCHA (Latest Current version only)
When your website is under a CC attack, it is a good idea to turn on CAPTCHA, because CAPTCHA helps you identify the real users.
- This module currently supports three CAPTCHAs: hCaptcha, reCAPTCHAv2 and reCAPTCHAv3. You should choose one and get the Sitekey and Secret from its website.
- Go to `assets/` in the project's directory and find the corresponding HTML file, then copy it to any path. For example, if you are using hCaptcha, you should copy `assets/hCaptcha.html`.
- Modify the copied HTML file by changing the string `Your Sitekey` to the Sitekey you got from the CAPTCHA platform.
- Modify the nginx configuration.
  - Enable CAPTCHA for the entire site.

    ```nginx
    server {
        waf_captcha on prov=hCaptcha secret=your_secret sitekey=your_sitekey;
    }
    ```
  - Enable CAPTCHA for a path.

    ```nginx
    # /your/path is a placeholder; replace it with the path to protect.
    location /your/path {
        waf_captcha on prov=hCaptcha secret=your_secret sitekey=your_sitekey;
    }
    ```
  - Enable CAPTCHA when the request rate is too high.

    ```nginx
    http {
        waf_zone name=waf size=20m;
        server {
            waf_cc_deny on rate=1000r/m duration=1h zone=waf:cc;
            # waf_captcha stays off here; waf_action switches the cc_deny response to a CAPTCHA.
            waf_captcha off prov=hCaptcha secret=your_secret sitekey=your_sitekey;
            waf_action cc_deny=CAPTCHA zone=waf:action;
        }
    }
    ```
- Restart nginx.
WARNING

If you have a pseudo-static configuration or a path-rewriting configuration, you need to make sure that the path `/captcha` is not rewritten.

Here is a sample modification.
```nginx
# BEGIN Before modification
if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?s=$1 last;
    break;
}
# END Before modification

# BEGIN After modification
# try_files has no regex capture, so $uri stands in for $1.
try_files $uri $uri/ /index.php?s=$uri;
# END After modification
```
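
One way to check an existing configuration for the problem described in this warning, as an added example that is not part of this module or its documentation: the script lists `rewrite` directives whose regex matches `/captcha`. The function name, the constructed sample configurations and the simplified directive parsing are assumptions; `if` conditions and `location` scope are not evaluated, so every hit is a candidate for manual review.

```python
import re

# Finds "rewrite <regex> <replacement> [flag];" (assumption: no quoted arguments).
REWRITE_RE = re.compile(
    r"(?:^|[;{}])\s*rewrite\s+(\S+)\s+(\S+?)(?:\s+\w+)?\s*;", re.MULTILINE
)


def rewrites_hitting(config_text, path="/captcha"):
    """Return (line_number, regex, replacement) for each rewrite matching `path`."""
    # Drop comments but keep newlines so line numbers stay correct.
    text = re.sub(r"#.*", "", config_text)
    hits = []
    for m in REWRITE_RE.finditer(text):
        pattern, replacement = m.group(1), m.group(2)
        try:
            # nginx uses PCRE; Python's re is close enough for common patterns.
            matched = re.search(pattern, path) is not None
        except re.error:
            matched = True  # cannot evaluate here: report for manual review
        if matched:
            line_no = text.count("\n", 0, m.start(1)) + 1
            hits.append((line_no, pattern, replacement))
    return hits


# Constructed sample: a catch-all rewrite that would also swallow /captcha.
SAMPLE = """
server {
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php?s=$1 last;
    }
    rewrite ^/old/(.*)$ /new/$1 permanent;
    # rewrite ^/captcha$ /x last;
}
"""

# Constructed sample: the same routing expressed with try_files.
FIXED = """
server {
    location / {
        try_files $uri $uri/ /index.php?s=$uri;
    }
}
"""

if __name__ == "__main__":
    for line_no, pattern, replacement in rewrites_hitting(SAMPLE):
        print(f"line {line_no}: rewrite {pattern} -> {replacement} matches /captcha")
    print("hits after modification:", rewrites_hitting(FIXED))
```
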
SEO OPTIMIZATION

Enabling CAPTCHA will affect search engine crawling. You can use `waf_verify_bot` to allow certain search engine crawlers.

```nginx
waf_verify_bot on;
```