How to install the reCAPTCHA integration through Azion Marketplace

reCAPTCHA is a serverless integration available at Azion Marketplace. This type of integration is mainly used for protecting domains against bots. It allows you to monitor traffic in your website by using the Google Dashboard for reCAPTCHA.

reCAPTCHA is a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) integration designed to protect websites from bots and automated scripts by using a challenge-response test to determine whether the user is a human or a machine.

Google maintains and owns reCAPTCHA and uses the data collected by reCAPTCHA to improve their services.

Getting the integration

To install the reCAPTCHA integration provided by Azion Marketplace, you have to:

Access Azion Console > Marketplace.
On the Marketplace homepage, select the integration’s card.
Once the integration’s page opens, click the Get It Now button, at the bottom-right corner of the page.

You’ll see a message indicating that your integration was successfully installed and is ready to use.

Getting the keys on Google’s reCAPTCHA site

To use the Azion reCAPTCHA integration, you have to provide two keys: your secret-key and your site-key. To get these credentials, you’ll have to register at Google.

To do so, follow these steps:

Go to Google reCAPTCHA admin dashboard.

If you don’t have a Google Account, you’ll be prompted to create one.

Once you’ve signed-up to the reCAPTCHA account, you’ll be redirected to the website’s register page.
On this page, you have to fill in:
- A label for your new reCAPTCHA site.
- The version of reCAPTCHA you want to use (you can choose from v2 or v3).
  - If you choose v2, you’ll be prompted to choose what kind of test you want to apply on your website. The options are: “I’m not a robot checkbox”, “Invisible reCaptcha”, and “reCaptcha Android”.
  - Important: Azion reCAPTCHA integration was conceived to work with the v2 invisible option.
- The domain you want to run the reCAPTCHA. Remember to ignore the http:// or https:// for the domain name.
- You have to accept the reCAPTCHA terms of service.
- You have to choose if you want to receive alerts from Google about your site, such as misconfigurations and others.
Once you fill in all the information, click the Submit button.

Now you have your site registered to use the reCAPTCHA. In the next screen, you’ll receive your keys: Site Key and Secret Key.

These two keys will be used to configure the Azion reCAPTCHA integration later on.

Configuring the integration

Setting up an edge firewall

To start the configuration of the reCAPTCHA integration, follow these steps:

On the Products menu, select Edge Firewall in the SECURE section.
Click the Add Rule Set button.
Give an easy-to-remember name to your edge firewall.
Select the domains you want to protect with the function.
Click the Edge Functions switch to enable functions on your edge application.
Click the Save button.

Done. Now you have instantiated the rule for your function.

Setting up the Edge Firewall function

To instantiate the reCAPTCHA integration, while still on the Edge Firewall page, select the Functions tab and follow these steps:

Click the Add Function button.
Give an easy to remember name to your instance.
On the dropdown menu, select the reCAPTCHA function.

This action will load the function, showing a form with the function’s source-code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source-code, but won’t be able to change it.

In the Args tab, you’ll pass the two keys you get on the reCAPTCHA site and your variables:

{
  "site_key": "efdb42c7-10ee-4969-8013-cfcb5f7ad007",
  "secret_key": "0x11c8eB6e78Bd45f058876aF59ac2fB782nbdswqu",
  "cookie_secret": "A key to sign the cookies",
  "expiration_in_seconds": 3600,
  "origin_address": "https://xxxxxxxx.map.azionedge.net",
  "origin_headers": {
  "X-Custom": "value",
  "X-Another-Custom": "another-value"
  },
  "captcha_args": {
  "theme": "dark",
  "size": "compact",
"custom_message": "My message",
      "custom_html": "<html>... <!-- azion_captcha -->  .. </html>"
  }
}

Where:

Variable	Required	Description
`site_key`	Yes	The site key you obtained at the reCAPTCHA page
`secret_key`	Yes	The secret key you obtained at the reCAPTCHA page
`expiration_in_seconds`	Yes	The time in seconds until the reCAPTCHA expires
`origin_address`	Yes	Your domain from which the function will fetch the content after the user solves the CAPTCHA challenge
`origin_headers`	No	Whenever the access to the origin requires the usage of specific request headers
`captcha_args`	No	These args modify and customize the layout of the challenge box
`custom_message`	No	A customized message you want to show to the users
`custom_html`	No	The customized HTML to render the reCAPTCHA challenge box
`cookie_secret`	Yes	This cookie is generated by the function and used in order for the functions not to be re-run

Click the Save button to save your configuration.

Done. Now your reCAPTCHA instance is saved.

Setting up the Edge Firewall Rules Engine

To finish, you have to set up the Rules Engine to configure the behavior and the criteria to run the function.

Still on the Edge Firewall page, select the Rules Engine tab and follow these steps:

Click the New Rule button.
Give a name to the rule.
Select a criteria to run and catch the domain you want to run the integrationn on. Example: if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
Below, select a behavior to the criteria. In this case, it’ll be Run Function.
- Select the adequate reCAPTCHA function according to the name you gave it in the instantiate step.
Click the Save button.

Done. Now the reCAPTCHA integration is running for every request made to the domain you indicated.

Contributors