Today I’d show you how to configure OpenResty Edge hCaptcha for applications. hCaptcha is a third-party service that can help online services defend against bots, spam, and abuse.

Embeded image

Configure hCaptcha in OpenResty Edge

As always, let’s go to the OpenResty Edge’s Admin web console. This is our sample deployment of the console. Every user has her local deployment.

Screenshot

Before we enable hCaptcha for our application, we need to config Sitekey and Secret key of hCaptcha first.

Screenshot

Let’s go to the Global Config page.

Screenshot

Go to the Captcha Configuration page.

Screenshot

The Sitekey and Secret key of hCaptcha need to be obtained from the official website of hCaptcha.

Screenshot

Go to the hCaptcha website and log in or sign up.

Embeded image

Then, go to the sites page to see our Sitekey list. Go to the Sitekey Settings page.

Embeded image

And we can get the sitekey details here.

Embeded image

Then we go to the settings page to get the secret key.

Embeded image

We can get the secret key here.

Embeded image

We enter the Sitekey and Secret key we obtained from the hcaptcha website.

Screenshot

Click to save.

Screenshot

Now that we’ve configured the Sitekey and Secret key for hCaptcha.

Screenshot

Let’s configure hCaptcha for our application.

Screenshot

We continue with the test-edge.com domain to demonstrate how to config hCaptcha.

Screenshot

Let’s enter this application.

Screenshot

We already have an upstream defined in our earlier tutorial.

Screenshot

This my_backend upstream has a backend server defined already.

Screenshot

And we also have a page rule already defined.

Screenshot

In the previous tutorial, this page rule has set up a reverse proxy to the upstream we just saw.

Screenshot

Let’s add a new page rule to enable the hCaptcha action.

Screenshot

We do not specify a condition for this rule. So it will fire unconditionally.

Screenshot

Let’s add a new action.

Screenshot

Search for the action “Enable hCaptcha”.

Screenshot

Select the option “Enable hCaptcha”.

Screenshot

Clearance time means that when the client passes the captcha verification, the OpenResty Edge will allow all requests from the same client in the specified period. hCaptcha records the verification information through cookies.

Screenshot

We set the time to 10 seconds.

Screenshot

We insert this rule as an always top rule to ensure this rule is executed first. This is for our demonstration. You can set any order you want.

Screenshot

Save this rule.

Screenshot

As always, we need to make a new release to push out our edited page rule.

Screenshot

Click on this button.

Screenshot

Ship it!

Screenshot

It is fully synchronized.

Screenshot

Now the new page rule has been pushed to all the gateway clusters and servers.

Embeded video

Embeded video

Embeded video

Our configuration changes do NOT require server reload, restart, or binary upgrade. So it’s very efficient and scalable.

Embeded image

Test

Now let’s access test-edge.com. We can see that the page returns the hCaptcha page instead of our original content.

Embeded image

Click to verify. We need to follow the instructions to select the correct image.

Embeded image

If the selection is incorrect, another group of images will continue to come out to select.

Embeded image

After verification, we can see the expected content of the URI. Remember we just set the clearance time to 10 seconds. We can access the application without captchas within 10 seconds.

Embeded image

After 10 seconds, we need to verify again.

Embeded image

In addition to setting the hCaptcha in action, we can also set it in the WAF rules. We will subsequently explain the specific features of the WAF rules in another video.

Screenshot

Let’s take a brief look at how to set up hCaptcha in WAF rules.

Screenshot

Let’s enable WAF.

Screenshot

We can set the block action to hCaptcha.

Screenshot

We selected the “OpenResty Edge gateway server captcha challenge - hCaptcha” option.

Screenshot

Screenshot

As with the action we set before, we need to set a clearance time here. I won’t demonstrate it in detail here. You can go through it in a WAF rules-related video.

Screenshot

By the way, we also support the OpenResty Edge built-in captcha service. You can learn about it in the OpenResty Edge built-in captcha tutorial video.

What is OpenResty Edge

OpenResty Edge is our all-in-one gateway software for microservices and distributed traffic architectures. It combines traffic management, private CDN construction, API gateway, security, and more to help you easily build, manage, and protect modern applications. OpenResty Edge delivers industry-leading performance and scalability to meet the demanding needs of high concurrency, high load scenarios. It supports scheduling containerized application traffic such as K8s and manages massive domains, making it easy to meet the needs of large websites and complex applications.

If you like this tutorial, please subscribe to this blog site and/or our YouTube channel. Thank you!

About The Author

Yichun Zhang (Github handle: agentzh), is the original creator of the OpenResty® open-source project and the CEO of OpenResty Inc..

Yichun is one of the earliest advocates and leaders of “open-source technology”. He worked at many internationally renowned tech companies, such as Cloudflare, Yahoo!. He is a pioneer of “edge computing”, “dynamic tracing” and “machine coding”, with over 22 years of programming and 16 years of open source experience. Yichun is well-known in the open-source space as the project leader of OpenResty®, adopted by more than 40 million global website domains.

OpenResty Inc., the enterprise software start-up founded by Yichun in 2017, has customers from some of the biggest companies in the world. Its flagship product, OpenResty XRay, is a non-invasive profiling and troubleshooting tool that significantly enhances and utilizes dynamic tracing technology. And its OpenResty Edge product is a powerful distributed traffic management and private CDN software product.

As an avid open-source contributor, Yichun has contributed more than a million lines of code to numerous open-source projects, including Linux kernel, Nginx, LuaJIT, GDB, SystemTap, LLVM, Perl, etc. He has also authored more than 60 open-source software libraries.