• Guides
• Hcaptcha

hCaptcha is a serverless solution available at Azion Marketplace. This type of solution is mainly used for protecting domains against bots. It allows you to monitor traffic on your website by using the hCaptcha dashboard.

hCaptcha is a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) service that aims to improve user privacy and security by using puzzles that are harder for bots to solve, and by using the solved puzzles to train machine learning models to improve the overall security of the internet.

It also allows website owners to earn money by displaying hCaptchas to their users.

To install the hCaptcha solution provided by Azion’s Marketplace, you have to:

1. Log in to Real-Time Manager (RTM).
   • If you don’t have one yet, create an account by visiting the sign-up page.
2. On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Marketplace.
3. On the Marketplace homepage, select the search box and type “hcaptcha” or browse through the cards to find the hCaptcha solution.
4. Once you’ve found the hCaptcha card, select it to go to the solution page.
5. On the solution page, look for the Subscribe for section on the bottom-right corner.
6. Click the Get It Now button.

You’ll see a message indicating that your solution was successfully installed and is ready to use.

To configure the hCaptcha solution, you have to provide two keys: your secret-key and your site-key. To get these credentials, you’ll have to register at the hCaptcha site.

To do so, follow these steps:

1. Go to the hCaptcha dashboard.
   • If you don’t have an account, you can create one here.
   • Pay attention when creating a new account, because the site will provide your secret key. This secret key will be used to configure the solution later on.
2. On the dashboard click the New Site button.
3. It’s optional, but recommended, to name your instance of hCaptcha.
4. Fill in the hostnames you want to use the challenge on and click the Add Domain button.
5. Choose your challenge mode. You have three options:

• Always Challenge (Free. Every request will load a challenge)
• Passive (Paid. There’s no challenge and the CAPTCHA will be triggered according to the behavior of the user)
• 99.9% Passive (Paid. The challenge will only appear for users at high risk of being bots).

6. Choose the passing threshold you want for your site according to the difficulty level: auto, easy, moderate, and difficult. These modes will determine how accurate the user’s answers should be to pass the test.
7. With everything filled-up, click the Save button on the top-right corner.

Now your site is configured to use the hCaptcha solution.

To configure Azion’s solution, you now have to get the site-key from hCaptcha. Still in the hCaptcha site, follow these steps:

1. In your dashboard, on the upper-menu, click on Sites.
2. After loading your sites listed, find the one you configured above. In the first column, you’ll see a label with a string chain that’ll look like this: efdb42c7-10ee-4969-8013-cfcb5f7ad007. This is your site key.
3. Hover over the string and click to copy your site key.
4. Save the site key and the secret key to configure Azion’s solution as explained in the next sections.

To start the configuration of the hCaptcha solution, follow these steps:

1. On the Products menu, select Edge Firewall in the SECURE section.
2. Click the Add Rule Set button.
3. Give an easy-to-remember name to your new rule.
4. Select the domains you want to protect with the function.
5. Click the Edge Functions switch to enable functions on your edge application.
6. Click the Save button.

Done. Now you have instantiated the rule for your function.

To instantiate the hCaptcha solution, while still on the Edge Firewall page, select the Functions tab and follow these steps:

1. Click the Add Function button.
2. Give a name to your instance.
3. On the dropdown menu, select the hCaptcha function.

• This action will load the function, showing a form with the function’s source-code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source-code, but won’t be able to change it.

4. In the Args tab, you’ll pass the two keys you get on the hCaptcha site and your variables:

{
  "site_key": "efdb42c7-10ee-4969-8013-cfcb5f7ad007",
  "secret_key": "0x11c8eB6e78Bd45f058876aF59ac2fB782nbdswqu",
  "cookie_secret": "A key to sign the cookies",
  "expiration_in_seconds": 3600,
  "origin_address": "https://xxxxxxxx.map.azionedge.net",
  "origin_headers": {
  "X-Custom": "value",
  "X-Another-Custom": "another-value"
  },
  "captcha_args": {
  "theme": "dark",
  "size": "compact"
"custom_message": "My message",
      "custom_html": "<html>... <!-- azion_captcha -->  .. </html>"
  }
}

Where:

Due to the algorithm used in cryptography, any string of any length can be used as cookie_secret.

5. Click the Save button to save your configuration.

Done. Now your hCaptcha instance is saved.

To finish, you have to set up the Rules Engine to configure the behavior and the criteria to run the function.

Still on the Edge Firewall page, select the Rules Engine tab and follow these steps:

1. Click the New Rule button.
2. Give a name to the rule.
3. Select a criteria to run and catch the domain you want to run the solution on. Example: if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
4. Below, select a behavior to the criteria. In this case, it’ll be Run Function.
   • Select the adequate hCaptcha function according to the name you gave it in the instantiate step.
5. Click the Save button.

Done. Now the hCaptcha solution is running for every request made to the domain you indicated.

Contributors