Captcha and proxy

  • Resolved mireille76

    (@mireille76)


    2 years, 4 months ago

    Hi,
    I have forminator form with Captcha. After clicking on the submit button of the form, I get the error message that Captcha verification failed.
    I tried with google Recaptcha v2 and v3 and with hcaptcha, always with the same result.
    Here some infos:
    – When I deactivate Captcha, the form submits fine.
    – I tried with a copy of the website on localhost. On localhost it works fine with Captcha activated.
    – The website is on a server with a firewall behind a proxy. I think that the problem may be related to this.
    – there is no error message when I turn wp debug modus on
    – On my google recaptcha page, I have a message “We detected that your site is not verifying reCAPTCHA solutions. This is required for the proper use of reCAPTCHA on your site.”
    -I contacted the admin of the server. He told me that as far as he understands the working of Captcha, the browser communicates with google, not with the server. Is this true ? Is there something to change in the configuration of the server ? Or can someone give me infos on how Captcha is integrated, so I can give them to the server admin ?

    Thank you very much in advance for any help.
    Mireille

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @mireille76

    I hope you’re well today and thank you for your question!

    Captcha does communicate “through server” actually too. If it comes to reCaptcha when form is submitted it’s being processed by plugin’s PHP scripts (to do whatever needs to be done with this submission – e.g. save to DB, send notifications etc) and Google kind of “expects” it to send the captcha data (along with authorization keys that you configured) to them.

    Server may be blocking or breaking that in some way and yes – it would result in such issues so firewall/proxy is actually very probable reason for this behavior.

    Simplest way to check that would be to just disable firewall temporarily if possible and if it starts to work then it confirms that firewall is culprit.

    If so, then firewall would need to be reconfigured to allow POST requests to google.com/recaptcha. In most cases it would mean adding reCaptcha serivce IP to firewall “allow” list but I think Google doesn’t really disclose these IPs (and they may change) so it would have to be allowed either by the endpoint URL or some specific part of request – that depends on firewall configuration options and your host/server admin should be able to help with that.

    Kind regards,
    Adam

    Thread Starter mireille76

    (@mireille76)

    Hi Adam,

    Thank you very much for your answer.

    I have now the answer from the server admin. He said that they would have to allow requests from entire google.com . They do not want to do this for security and data protection reasons.

    Maybe hcaptcha could be an alternative ? How the firewall should be configured to allow hcaptcha ?

    Or is there an alternative for an implementation without server access ?
    Mireille
    Thank you very much for your answer.

    Hello @mireille76 !

    I would generally recommend hCaptcha over reCaptcha as we’ve been receiving feedback from users that it tends to be significantly better at stopping spam.

    Regarding the specific setup required – it will be similar to how reCaptcha works as explained by my colleague earlier. Possibly also hCaptcha support will be able to assist with your specific setup in terms of the part of communication between the server itself and the hCaptcha servers, you can reach out to them at [email protected]

    Kind regards,
    Pawel

    Thread Starter mireille76

    (@mireille76)

    Hello,

    Thank you !

    We use now hCaptcha, and after configuring the firewall to allow requests to https://hcaptcha.com/siteverify it works.

    Thank you for the great plugin and great support !

    Kinf regards,
    Mireille

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Captcha and proxy’ is closed to new replies.