Hello,
I know this is something that I've seen posted before, but most of them were posted some time ago, so I was hoping to get some updated information. The organization that I work for would like to use reCAPTCHA for a new system that we are getting ready to implement. This system is a proprietary third-party system which only supports Google reCAPTCHA, so we cannot use a third-party captcha program. Our system resides behind a firewall and we've been receiving the following error in our logs during testing:
Exception caught during captcha response validation: Unable to connect to the remote server
After conducting some research (including scouring the reCAPTCHA forum), I discovered that Google requires organizations to create a firewall rule opening it to every external-facing Google IP address. This is done for security measures (on their side), so that it becomes nearly impossible to predict which IP address reCAPTCHA plans on using. This, however, is a major security risk for my organization as we would need to open our firewall to the following ranges:
64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.24.9.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
If my calculations are correct, this is roughly 300,000 IP addresses. Is this really what my organization is required to do? Is there not a smaller range that we could go with that would decrease the security risk that my organization would be taking? We're looking into it, but we may have the ability to create a URL-based firewall rule. Does Google have a specific URL that we could use that would open it to this range without having to insert all of these ranges?
Any information would be greatly appreciated.
Thanks
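An added example, not part of the original post: a short Python audit of the allowlist quoted above, which rejects entries that are not valid CIDR blocks, counts the addresses the remaining rules would open, and checks whether a given destination address is covered. The function names and the two sample destination addresses are assumptions made for this illustration.

```python
import ipaddress

# Ranges copied as they appear in the post above, one per line.
POSTED_RANGES = """
64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.24.9.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
"""


def audit_allowlist(text):
    """Parse one CIDR per line; return (valid networks, rejected entries)."""
    valid, rejected = [], []
    for raw in text.split():
        try:
            # strict=True also rejects blocks whose host bits are set,
            # a common copy/paste error in firewall change requests.
            valid.append(ipaddress.ip_network(raw, strict=True))
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    return valid, rejected


def summarize(networks):
    """Merge overlapping/adjacent blocks and count the addresses exposed."""
    collapsed = list(ipaddress.collapse_addresses(networks))
    return collapsed, sum(net.num_addresses for net in collapsed)


def is_allowed(address, networks):
    """True if a destination address falls inside any allowlisted block."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, bad = audit_allowlist(POSTED_RANGES)
    rules, total = summarize(nets)
    print(f"{len(rules)} valid rules covering {total} addresses")
    for entry, reason in bad:
        print(f"rejected {entry!r}: {reason}")
    # Constructed sample destinations, for illustration only.
    for dest in ("74.125.1.1", "192.0.2.10"):
        print(dest, "allowed" if is_allowed(dest, nets) else "blocked")
```

Running the audit before a rule set is submitted catches malformed entries that a firewall would otherwise reject or silently skip.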