reCAPTCHA Allow Help

Hi,
I currently have Google services blocked but have a payment website I need to enable that has a reCAPTCHA box on it. I need some help on how to accomplish this, while keeping Google services (search engine, email, etc.) blocked.

You create an allow rule coming before the block rules. Use tail -f /var/log/messages while connecting to the reCAPTCHA server to see the IP address to allow.

Thanks for the reply - I’m sorry, but I don’t know how to do that.

Which part do you not understand? Creating a rule in the firewall, or checking the logs while connecting to the reCAPTCHA machine?

The logs portion

You SSH to the IPFire machine. Once you log in, you are in a console environment. Then, you issue the following command:

tail -f /var/log/messages

That command will open the kernel logs of IPFire and it will show the last few entries, as they happen. To exit, you press Ctrl-C.

This way you see everything IPFire is doing. At this moment, when you engage the captcha machine, you will see the kernel logging the packets being dropped. There you will see everything, including the source IP address.

With that information you open the firewall to that IP address or, if the IPs rotate, an entire class of addresses (you need to find out this info, as you cannot use a DNS name for writing firewall rules).
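The log check described above can be condensed into a summary of which destinations a given client was blocked from reaching. This is an added example, not part of the original thread; it assumes netfilter LOG-style lines with SRC=, DST= and DPT= fields and a `DROP_` log prefix, and the function names, hostnames and addresses in the sample are constructed.

```shell
#!/bin/sh
# Summarise dropped packets per destination for one client.
# Assumption: drop entries carry a "DROP_" prefix and netfilter LOG fields.

# Usage: summarize_drops <client-ip> [logfile]   (reads stdin if no file)
# Prints "count destination:port", most frequent first.
summarize_drops() {
    awk -v client="$1" '
        /DROP_/ {
            src = ""; dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Only count packets sent by the client under test
            if (src == client && dst != "") count[dst ":" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "${2:--}" | sort -rn
}

# Constructed sample log lines (documentation address ranges)
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51514 DPT=443
Jan 10 12:00:02 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51516 DPT=443
Jan 10 12:00:02 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.30 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40100 DPT=443
Jan 10 12:00:03 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51520 DPT=443
Jan 10 12:00:04 fw dhcpd: DHCPACK on 192.168.1.20 to aa:bb:cc:dd:ee:ff via green0
Jan 10 12:00:05 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51522 DPT=443
EOF
}

sample_log | summarize_drops 192.168.1.20
```

On the firewall itself the same function can be pointed at the live log, for example `summarize_drops 192.168.1.20 /var/log/messages`, after loading the payment page once from that client.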

Ok - I understand that - Thanks for taking the time to explain. I’m still learning a lot of this. I was able to find the IP address of reCAPTCHA on Google’s website. It looks like they rotate and you have to add the IP addresses of all their servers which allows other Google services.

Anyone else have this experience? I haven’t had any luck resolving this and wondered what everyone else did who wanted to block Google, but allow reCAPTCHA.

If Google uses the same range of IPs for reCAPTCHA as they do for all other Google activities then there is no way to filter them separately with a firewall rule.

The only suggestion I have in that situation is that you have a rule blocking everything which you then disable when you need to access the website you are interested in. Then when finished working with that website, you enable the blocking firewall rule again.

Not ideal but I can’t think of another approach, unless anyone else has any ideas.

The other approach I would consider is opening Google services only to the payment server needing reCAPTCHA, possibly operating in the orange zone, and closing it to everyone else in the blue and green networks.

:thinking: Can this be done using a squid proxy?

Not a technical solution I can provide, but some insight into geevil’s way of forcing users/people into ‘problems’ like this one here:

German only!

Any other input on this? Still struggling to find a solution on this.

Email would be easiest to block:

Block these domains:
imap.gmail.com
smtp.gmail.com

Unfortunately, reCAPTCHA and Search both use www. google . com