Server-level reCAPTCHA refers to the integration of Google's reCAPTCHA service at the server level of a website or web application. This involves implementing reCAPTCHA verification in the server-side code rather than the client-side code, such as JavaScript.
Server-level reCAPTCHA can help protect against automated attacks, such as spam and bot attacks, by requiring users to complete a challenge to prove they are not a robot. This can improve the security and reliability of the website or web application, as well as protect user data and prevent fraudulent activity. reCAPTCHA is most commonly seen as a gatekeeper for online forms and login screens in web apps. Visitors often need to complete a challenge before proceeding. Typically, websites implement reCAPTCHA in the middle of a page to ensure that humans are the only submission sources.
While this general implementation can help with data validation, it requires that the page has already been loaded by the visitor and does nothing to prevent attacks from overrunning the server.
LiteSpeed addresses this limitation by moving reCAPTCHA from the application layer to the server layer.
Why use reCAPTCHA at a Server Level?
reCAPTCHA, when implemented on the server, offers more control than most other popular DDoS protection solutions. Legitimate visitors can access the website while malicious actors are stopped, providing a powerful tool to reduce resource usage.
Application-level reCAPTCHA carries the overhead of running PHP for every challenged request. LiteSpeed's reCAPTCHA page uses SSI, making it essentially a static page. In addition, reCAPTCHA does not always have to be active. It can be configured with rewrite rules to activate it selectively by virtual host or even by page. The LiteSpeed implementation uses a sensitivity scale so that reCAPTCHA is activated automatically when the server is under heavy load. When the load drops, reCAPTCHA is disabled again, leaving a smooth experience for visitors. A list of "good bots" and an IP whitelist allow further control over when a reCAPTCHA challenge appears.
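To make the gating logic described above concrete, here is an added example (not LiteSpeed's code, and none of these names are LiteSpeed configuration names) of a challenge policy that switches on at a high-load threshold, switches off again only once load falls below a lower threshold, and exempts previously verified clients, whitelisted IP ranges and known good bots. The thresholds, networks and bot list are constructed sample values.

```python
"""Illustrative load-sensitive challenge gating (added example, not LiteSpeed's implementation)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Tuple


@dataclass
class GatePolicy:
    # Load at which challenges switch on and the (lower) load at which they switch off.
    # Two thresholds give hysteresis so the gate does not flap around a single value.
    enable_load: float
    disable_load: float
    # Substrings of User-Agent headers treated as "good bots". A UA string alone is
    # trivially spoofable, so production deployments pair it with an IP or reverse-DNS check.
    good_bots: Tuple[str, ...] = ()
    # Whitelisted client networks that are never challenged.
    trusted_nets: Tuple[str, ...] = ()
    active: bool = field(default=False)

    def __post_init__(self) -> None:
        if self.disable_load > self.enable_load:
            raise ValueError("disable_load must not exceed enable_load")
        self._nets = tuple(ipaddress.ip_network(n, strict=False) for n in self.trusted_nets)

    def update_load(self, load: float) -> bool:
        """Feed the current server load; returns whether challenges are now active."""
        if not self.active and load >= self.enable_load:
            self.active = True
        elif self.active and load <= self.disable_load:
            self.active = False
        return self.active

    def decision(self, client_ip: str, user_agent: str, already_verified: bool) -> str:
        """Return 'allow' or 'challenge' for one incoming request."""
        if not self.active:
            return "allow"                      # normal load: nobody is challenged
        if already_verified:
            return "allow"                      # passed the challenge earlier in this session
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self._nets):
            return "allow"                      # IP whitelist
        if any(bot in user_agent for bot in self.good_bots):
            return "allow"                      # good-bot list
        return "challenge"                      # redirect to the static challenge page


def demo_policy() -> GatePolicy:
    # Constructed sample configuration for the demonstration below.
    return GatePolicy(
        enable_load=8.0,
        disable_load=4.0,
        good_bots=("Googlebot", "bingbot"),
        trusted_nets=("10.0.0.0/8", "192.0.2.0/24"),   # RFC 1918 and documentation ranges
    )


if __name__ == "__main__":
    policy = demo_policy()
    policy.update_load(9.5)     # load spike: gate switches on
    print(policy.decision("203.0.113.7", "Mozilla/5.0", already_verified=False))   # challenge
    print(policy.decision("192.0.2.10", "Mozilla/5.0", already_verified=False))    # allow (whitelist)
    policy.update_load(6.0)     # still above disable_load: gate stays on
    policy.update_load(3.0)     # load recovered: gate switches off
    print(policy.decision("203.0.113.7", "Mozilla/5.0", already_verified=False))   # allow
```

The two-threshold design matters operationally: with a single threshold, load hovering around the trigger value would switch the challenge on and off for successive requests, which is both confusing for visitors and noisy in logs.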
How Does it Work?
LiteSpeed redirects untrustworthy visitors to a static page when the server detects high load. The static page presents a challenge to the visitor. Upon completion, the response is verified through LiteSpeed: LiteSpeed ships an executable that takes the challenge response and forwards it to Google. If the response is valid, Google's reply indicates success and LiteSpeed lets the visitor through. Future visits from the same client are not subjected to further reCAPTCHA checks.
LiteSpeed rejects failed clients by disconnecting or returning a 403 error.
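The verification step is the one place where the server talks to Google, so it is worth seeing what a fail-closed implementation of it looks like. The following is an added example written for this page, not LiteSpeed's verification executable. It assumes Google's public siteverify endpoint (`https://www.google.com/recaptcha/api/siteverify`, POST fields `secret`, `response` and optional `remoteip`, JSON reply with `success`, `hostname` and `error-codes`), checks that the challenge was solved for the expected hostname, and maps the outcome to the 200/403 decision described above. The network transport is injectable so the sample run uses constructed replies and never leaves the machine.

```python
"""Illustrative server-side reCAPTCHA verification (added example, not LiteSpeed's code)."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Optional, Tuple

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def build_siteverify_body(secret: str, response_token: str, remote_ip: Optional[str] = None) -> bytes:
    """Encode the form body the siteverify endpoint expects."""
    params = {"secret": secret, "response": response_token}
    if remote_ip:
        params["remoteip"] = remote_ip      # optional, lets Google correlate the solver's IP
    return urllib.parse.urlencode(params).encode()


def http_post(url: str, body: bytes) -> bytes:
    """Real transport: a short-timeout POST, so a slow upstream cannot stall the worker."""
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


def verify_challenge(secret: str, response_token: str, expected_hostname: str,
                     remote_ip: Optional[str] = None,
                     post: Callable[[str, bytes], bytes] = http_post) -> Tuple[bool, str]:
    """Return (allowed, reason). Any transport or parsing problem fails closed."""
    if not response_token:
        return False, "missing-response-token"
    try:
        raw = post(SITEVERIFY_URL, build_siteverify_body(secret, response_token, remote_ip))
        result = json.loads(raw)
    except Exception as exc:                      # network error, bad JSON, timeout ...
        return False, f"verification-unavailable:{type(exc).__name__}"
    if result.get("success") is not True:
        codes = result.get("error-codes") or ["unknown"]
        return False, "failed:" + ",".join(codes)
    # A valid token solved on another site must not unlock this one.
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    return True, "ok"


def http_status_for(allowed: bool) -> int:
    """Failed clients get a 403, as the page describes; passing clients proceed normally."""
    return 200 if allowed else 403


# Constructed sample replies standing in for Google's endpoint; not real API output.
FAKE_REPLIES = {
    "good-token": b'{"success": true, "challenge_ts": "2024-01-01T00:00:00Z", "hostname": "example.com"}',
    "other-site": b'{"success": true, "challenge_ts": "2024-01-01T00:00:00Z", "hostname": "evil.example"}',
    "bad-token":  b'{"success": false, "error-codes": ["invalid-input-response"]}',
}


def fake_post(url: str, body: bytes) -> bytes:
    """Offline transport: pick a constructed reply by the token in the request body."""
    token = urllib.parse.parse_qs(body.decode())["response"][0]
    if token == "network-down":
        raise OSError("simulated connection failure")
    return FAKE_REPLIES[token]


if __name__ == "__main__":
    for token in ("good-token", "bad-token", "other-site", "network-down", ""):
        allowed, reason = verify_challenge("placeholder-secret", token, "example.com", post=fake_post)
        print(f"{token or '<empty>':14} -> HTTP {http_status_for(allowed)} ({reason})")
```

Two details are easy to get wrong in practice: treating an unreachable verification endpoint as a pass (which turns an outage into an open door), and skipping the hostname comparison (which lets a token obtained on one site be replayed against another).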
With LiteSpeed reCAPTCHA on the alert, attacks are blocked before they have a chance to bring down the server, saving you and your customers the headache and potential lost revenue that downtime brings.