How to install the reCAPTCHA solution through Azion Marketplace

reCAPTCHA is a serverless solution available at Azion Marketplace. This type of solution is mainly used for protecting domains against bots. It allows you to monitor traffic in your website by using the Google Dashboard for reCAPTCHA.

reCAPTCHA is a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) solution designed to protect websites from bots and automated scripts by using a challenge-response test to determine whether the user is a human or a machine.

Google maintains and owns reCAPTCHA and uses the data collected by reCAPTCHA to improve their services.


To install the reCAPTCHA solution provided by Azion Marketplace, you have to:

  1. Log in to Real-Time Manager (RTM).
  • If you don’t have an account, create one by visiting the sign-up page.
  1. On the upper-left corner of the page, open the Products menu, represented by three horizontal lines, and then select Marketplace.
  2. On the Marketplace homepage, select the search box and type “recaptcha” or browse through the cards to find the reCAPTCHA solution.
  3. Once you’ve found the reCAPTCHA card, select it to go to the solution page.
  4. On the solution page, look for the Subscribe for section on the bottom-right corner.
  5. Click the Get It Now button.

You’ll see a message indicating that your solution was successfully installed and is ready to use.


Getting the keys on Google’s reCAPTCHA site

Section titled Getting the keys on Google’s reCAPTCHA site

To use the Azion reCAPTCHA solution, you have to provide two keys: your secret-key and your site-key. To get these credentials, you’ll have to register at Google.

To do so, follow these steps:

  1. Go to Google reCAPTCHA admin dashboard.
  • If you don’t have a Google Account, you’ll be prompted to create one.
  1. Once you’ve signed-up to the reCAPTCHA account, you’ll be redirected to the website’s register page.
  2. On this page, you have to fill in:
    • A label for your new reCAPTCHA site.
    • The version of reCAPTCHA you want to use (you can choose from v2 or v3).
      • If you choose v2, you’ll be prompted to choose what kind of test you want to apply on your website. The options are: ”I’m not a robot checkbox”, ”Invisible reCaptcha”, and ”reCaptcha Android“.

      Important: Azion reCAPTCHA solution was conceived to work with the v2 invisible option.

    • The domain you want to run the reCAPTCHA. Remember to ignore the http:// or https:// for the domain name.
    • You have to accept the reCAPTCHA terms of service.
    • You have to choose if you want to receive alerts from Google about your site, such as misconfigurations and others.
  3. Once you fill in all the information, click the Submit button.

Now you have your site registered to use the reCAPTCHA. In the next screen, you’ll receive your keys: Site Key and Secret Key.

These two keys will be used to configure the Azion reCAPTCHA solution later on.


Setting up the Edge Firewall rule

Section titled Setting up the Edge Firewall rule

To start the configuration of the reCAPTCHA solution, follow these steps:

  1. On the Products menu, select Edge Firewall in the SECURE section.
  2. Click the Add Rule Set button.
  3. Give an easy-to-remember name to your new rule.
  4. Select the domains you want to protect with the function.
  5. Click the Edge Functions switch to enable functions on your edge application..
  6. Click the Save button.

Done. Now you have instantiated the rule for your function.


Setting up the Edge Firewall function

Section titled Setting up the Edge Firewall function

To instantiate the reCAPTCHA solution, while still on the Edge Firewall page, select the Functions tab and follow these steps:

  1. Click the Add Function button.
  2. Give an easy to remember name to your instance.
  3. On the dropdown menu, select the reCAPTCHA function.
  • This action will load the function, showing a form with the function’s source-code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source-code, but won’t be able to change it.
  1. In the Args tab, you’ll pass the two keys you get on the reCAPTCHA site and your variables:
{
"site_key": "efdb42c7-10ee-4969-8013-cfcb5f7ad007",
"secret_key": "0x11c8eB6e78Bd45f058876aF59ac2fB782nbdswqu",
"cookie_secret": "A key to sign the cookies",
"expiration_in_seconds": 3600,
"origin_address": "https://xxxxxxxx.map.azionedge.net",
"origin_headers": {
"X-Custom": "value",
"X-Another-Custom": "another-value"
},
"captcha_args": {
"theme": "dark",
"size": "compact",
"custom_message": "My message",
"custom_html": "<html>... <!-- azion_captcha --> .. </html>"
}
}

Where:

VariableRequiredDescription
site_keyYesThe site key you obtained at the reCAPTCHA page.
secret_keyYesThe secret key you obtained at the reCAPTCHA page.
expiration_in_secondsYesThe time in seconds until the reCAPTCHA expires.
origin_addressYesYour domain from which the function will fetch the content after the user solves the CAPTCHA challenge.
origin_headersNoWhenever the access to the origin requires the usage of specific request headers.
captcha_argsNoThese args modify and customize the layout of the challenge box.
custom_messageNoA customized message you want to show to the users.
custom_htmlNoThe customized HTML to render the reCAPTCHA challenge box.
cookie_secretYesThis cookie is generated by the function and used in order for the functions not to be re-run.

Due to the algorithm used in cryptography, any string of any length can be used as cookie_secret.

  1. Click the Save button to save your configuration.

Done. Now your reCAPTCHA instance is saved.


Setting up the Edge Firewall Rules Engine

Section titled Setting up the Edge Firewall Rules Engine

To finish, you have to set up the Rules Engine to configure the behavior and the criteria to run the function.

Still on the Edge Firewall page, select the Rules Engine tab and follow these steps:

  1. Click the New Rule button.
  2. Give a name to the rule.
  3. Select a criteria to run and catch the domain you want to run the solution on. Example: if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
  4. Below, select a behavior to the criteria. In this case, it’ll be Run Function.
    • Select the adequate reCAPTCHA function according to the name you gave it in the instantiate step.
  5. Click the Save button.

Done. Now the reCAPTCHA solution is running for every request made to the domain you indicated.


Contributors