Zscaler Captcha

Arnold Gilgen

Aug 5, 2024, 2:31:26 PM
to retsiebunkso
For some reason, simply going to and checking the box would fix the recaptcha on the offending site(s). I don't know how long the fix will last though. Out of 90 people we had 3 users reporting issues so it wasn't a widespread issue.

I've experienced this issue as well. For me the solution was to pause / disable addblocker. Apparently the request url for the recaptcha script is changed when using this blocker (addblocker/recaptcha__en_gb.js).


In Preferences on Privacy tab, you will find the option "Prevent cross-site tracking", if this option is checked then you will see the error message in the reCaptcha section. According to Apple support this is what they say that happens when it is checked:


If you uncheck the option and reload the page, then you will be able to use the reCaptcha control. It seems it depends on how your website is communicating with the reCaptcha service, if it is from a website you are creating and how it detects the source connection or maybe if the website has an SSL on it. Maybe Google itself is the only one who can completely clarify what is going on under the hood, in the meantime, this is what I know:


When we have this enabled, it blocks the cookie creation and website data, in this case a specific session storage key called "rc::b" is not created in Safari browser and so reCaptcha is not able to connect to its source to do what it wants. For some reason Safari blocks this one but allows the "rc::a" cookie.


I cannot upgrade my account because Recaptcha is blocking my payment for 'security reasons'. Ironically, I cannot get help from live chat because my account is not important enough to have that ability. I assume once I upgrade I will be able to get support... but I can't upgrade until it accepts my payment. Do you see my dilemma?


If you receive the error message "Could not connect to the reCAPTCHA service. Please check your internet connection and reload to get a reCAPTCHA challenge", you may need to allow access to Google IP addresses.


For anyone else having this problem, I tried all the recommendations listed in the replies. Unfortunately not helpful. I tried Firefox and Chrome, disabled all extensions, tried in privacy mode, cleared cache, etc. Nothing worked and the "recaptcha" error came up just like in the reply above. Also, there was no captcha to attempt. It appears to be a problem with the JS on the page.


I have recently implemented Google reCaptcha V3 to my website and all is looking good and works perfectly, however, when I deploy the website to my server (which has a firewall) the website crashes due to reCaptcha unable to reach some IP addresses.

I'm using reCAPTCHA.net Enterprise and I can't open internet connection to the server because of security rules in my company, I need to know which IP Addresses are used by Google reCaptcha.net so I can open connection from the server to those IP's, is there like a list of IP's I can use? I opened some IP's used by google and gstatic.com but every once in a while the website crashes and a new IP address is needed.

thanks.


Hi @iharoun ,



Google doesn't provide a fixed list of IP addresses for reCAPTCHA because they can change for reasons like balancing loads and updating systems. This approach is used to make reCAPTCHA more secure and effective.



However, I can recommend workarounds on how to configure firewalls and network settings to work effectively with reCAPTCHA.


1. Domain Restriction Constraint

Instead of whitelisting specific IP addresses, you could try whitelisting the domains used by reCAPTCHA to ensure proper functionality. This might involve allowing traffic to and from specific domains like www.google.com, www.recaptcha.net, etc.


2. Firewall Rules

You may have to change your firewall settings so your website can talk to outside services, like the reCAPTCHA checker. Just make sure your server can send out messages using the web


We have integrated the reCaptcha Enterprise API into our backend to validate tokens generated on the front end but we are having an error in our production environment because calls to your services are stopping on our firewall.

Can you tell us which addresses we have to allow access to be able to call your services?


I am trying to implement reCaptcha on our login page and noticing that reCaptcha response is not verified. Upon looking in the firewall logs noticed that it's denying the traffic via 443.

I looked at the which talks about some specific IP address ranges for the reCaptcha service. However, upon checking the domain DNS address right now shows up - www.google.com [142.250.72.36], www.recaptcha.net [142.250.69.227]

which does not fall under the IP space provided in the above URL.



Hence, would like to know what specific IP ranges we should allow in firewall to allow this traffic from NetScaler to the google recaptcha services.


Comments: We went from a VPN application that required users to reauthenticate every 10 hours on a mobile device and every 4 hours on a laptop for security reasons, to Zscaler that we can allow users to reauthenticate every 30 days on mobile devices and every 3 days on laptops. The user experience has been improved tremendously. Additionally, the connectivity is more stable using Zscaler versus our previous application.


Zscaler gives more security for the organization, while giving users more privacy. Analytics are hands down the best we have used. 10k+ users and we have had little to no problems since deploying Zscaler. Having the flexibility to change the duration for authentication while still maintaining a secure environment has made this tool a game changer for our users.


Comments: Overall Zscaler has brought the new generation in network security, and Zscaler made the other security vendors think in different directions compared with thinking in the traditional way. Zscaler kind of removed the network latency problems with traditional VPN solutions; here Zscaler POP presence really helped.


This is one of the best solutions I have worked with, it provides a seamless experience better than the traditional VPN solutions. Connectivity speed is comparatively faster than the VPN solutions because of closer Zscaler POP availability. With speed you are also sure that you are sitting in a secure environment. Zscaler also makes sure no threats are touching the endpoint; even zero-day threats are detected and prevented within the Zscaler cloud.


Comments: Let me start by describing what ZScaler is at its heart: a cloud-based network proxy that uses its own root certificate to inspect TLS/SSL traffic. If you are a company in the business of making software, keep this product away from your software developers. Far, far away. It does not play nice with many software development tools, even once you go through the pain of adding their root certificate in all the right places. I have spent hours and even days interacting with ZScaler support, often with no solution ever found. After spending months fighting frequent issues that came up, I finally threw my hands in the air and left my company. It probably works fine if you're just doing "regular" stuff with your network, like browsing, file uploads/downloads, etc. If you're doing anything more advanced, keep away from ZScaler.


- Hard to get it to work right with software development tools. In some cases, no proper solution was ever found.
- Support is incredibly terrible. Unhelpful and wastes a lot of time. I really can't emphasize enough how frustrating the support was. I ended up just finding my own workarounds 90% of the time, after spending hours and hours on the line with support.
- Adds latency, which can make profiling network operations difficult.
- Sometimes you run into websites randomly blocking you or asking for CAPTCHA due to routing through ZScaler gateways.


Comments: We added this during the pandemic. We are in the process of doing the full company rollout, but we have a lot of users and this really helps us get visibility and security around our networked resources.


I love that I don't have to use multiple VPNs to get to various parts of my company and product. Having Zscaler handle that all is really nice. Logging into SIEM is a lot, but good information and great for investigation. Love the agent. Works great for Windows and Mac


- Very easy to use and automatically connects when the computer is turned on.
- No authentication required
- Never fails to connect
- If internet outage is there, automatically reconnects when internet is back again


The majority of business users are only interested in not getting any viruses on the PCs or mobile devices. They aren't interested in the way how we are protected from various cyber threats - Zscaler is the perfect solution as it gives us the wanted protection without the need of any user intervention - it works in the background while we perform our daily tasks. I was really amazed by the pace of how ZScaler detects potential vulnerabilities and possible cyber attacks.


Comments: Zscaler helps me browse the internet safely, without having me worry whether a particular website may be malicious or not. It has helped me prevent data loss and data theft due to the blacklisting of potentially dangerous websites and also provided me warnings in case of suspicious websites.


The best thing about Zscaler is that it performs its work efficiently in the backend without providing me with too many notifications. I get immediate reminders if I end up browsing an unsafe website and it also blocks access to websites blacklisted by ZS, thus preventing data theft.


I am a regular user of Zscaler and I consider the software as an ally of the IT team for security in browsing the internet and connecting to other networks. For the user, the software is simple, without many options for adjustments.


The Console of the solution is very straightforward. It supports a lot of use cases. Zscaler offers protection to users' internet traffic, protects private application access, and secures cloud transactions. It can integrate with a lot of products as per the need, like we can integrate it with a SIEM solution for exporting logs, or can integrate with IDPs to authenticate users. Advanced threat protection modules are quite good, and provide granular controls over SASE applications. The policy applies in real time which is a very good thing.
