Netgate Discussion Forum

Firewall rule only for google recaptcha

  • S
    SipriusPT
    last edited by Aug 2, 2021, 1:52 PM

    Hello everyone,

    I am trying to allow only Google reCAPTCHA, without having to allow all or most Google services (through google.com or www.google.com), to be used on a subnet where all internet is blocked, except certain websites.

    Does anyone here have a rule recipe for Google reCAPTCHA?

    Thanks in advance!

    1xSG-4860-1U
    1xSG-3100
    2xpfSense Virtual Machines

    • G
      Gertjan @SipriusPT
      last edited by Aug 3, 2021, 10:28 AM

      @sipriuspt said in Firewall rule only for google recaptcha:

      google recaptcha

      The "google recaptcha" is a script that runs on your web server. It uses an FQDN to access Google's "google recaptcha" services.

      Using this FQDN as an alias, and using that alias with a pass rule, probably won't work well, as this FQDN can point to many IP addresses.

      So, your mission, if you accept it, is to find out what all these IP addresses are, put them in an alias, and use that alias in your firewall rule.

      edit : Oops : https://www.google.com/recaptcha/api/ ..... "google.com" has thousands (more) IPs ...

      Btw : as you might have guessed / already know : firewall rules work only with IP addresses, not host names.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??
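
The point made in the post above, as an added simulation that is not part of the thread and is not pfSense code: a hostname alias is a snapshot of one DNS answer, while the client resolves the same name on its own and may be handed an address the snapshot never contained. The pool (documentation range 203.0.113.0/24), the answer size, the rotation period and the refresh interval are all constructed assumptions.

```python
import ipaddress

# Constructed pool: 24 addresses from the TEST-NET-3 documentation range,
# standing in for the many IPs behind a single hostname.
POOL = [ipaddress.ip_address("203.0.113.0") + i for i in range(1, 25)]
ANSWER_SIZE = 4       # A records returned per DNS answer (assumed)
ROTATE_EVERY = 60     # seconds between answer rotations (assumed)
ALIAS_REFRESH = 300   # seconds between firewall re-resolutions (assumed)


def dns_answer(t):
    """A records served at time t: a window sliding over POOL."""
    start = (t // ROTATE_EVERY) * ANSWER_SIZE % len(POOL)
    return [POOL[(start + i) % len(POOL)] for i in range(ANSWER_SIZE)]


def alias_table(t, static=False):
    """IPs the pass rule matches at time t.

    static=False: hostname alias, frozen at the last refresh.
    static=True:  hand-built alias that lists every address in the pool.
    """
    if static:
        return set(POOL)
    last_refresh = (t // ALIAS_REFRESH) * ALIAS_REFRESH
    return set(dns_answer(last_refresh))


def simulate(duration=1800, step=30, static=False):
    """Client resolves fresh per connection; return (passed, blocked)."""
    passed = blocked = 0
    for t in range(0, duration, step):
        dst = dns_answer(t)[0]          # client uses the first record
        if dst in alias_table(t, static):
            passed += 1
        else:
            blocked += 1
    return passed, blocked


if __name__ == "__main__":
    print("hostname alias :", simulate())
    print("full-pool alias:", simulate(static=True))
```

The full-pool alias only works when the pool can be enumerated and is dedicated to the one service, which is the problem raised in the "Oops" edit above.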

      • S
        SipriusPT @Gertjan
        last edited by SipriusPT Aug 3, 2021, 11:26 AM Aug 3, 2021, 11:25 AM

        @gertjan The fact that they didn't dedicate a handful of IPs, or even a sub DN or a DN dedicated to recaptchas, turns filtering Google recaptchas through firewall rules into a real pain in the a**.

        1xSG-4860-1U
        1xSG-3100
        2xpfSense Virtual Machines

        • G
          Gertjan @SipriusPT
          last edited by Gertjan Aug 3, 2021, 1:50 PM Aug 3, 2021, 1:46 PM

          @sipriuspt

          Google captcha functionality is put in place by a web server admin.
          In other words : if you install a captcha on a web server, it needs access to Google's API.
          It will not visit other web sites.
          So, why (firewall) filter connections initiated by a web server itself ??
          You - the admin - control the web server. It's not some device controlled by a person.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
