reCAPTCHA Allow Help

I currently have google services blocked but have a payment website I need to enable that has a reCAPTCHA box on it. I need some help on how to accomplish this, while keeping google services (search engine, email, etc) blocked.

1 Like

You create an allow rule coming before the block rules. Use tail -f /var/log/messages while connecting to the reCAPTCHA server to see the IP address to allow.

Thanks for the reply - I’m sorry, but I don’t know how to do that.

Which part you do not understand? Creating a rule in the firewall, or checking the logs while connecting to the reCAPTCHA machine?

The logs portion

you ssh to the IPFire machine. Once you log in, you are in a console environment. Then, you issue the following command:

tail -f /var/log/messages

that command will open the kernel logs of IPFire and it will show the last few entries, as they happen. To exit, you press ctrl-c.

This way you see everything IPFire is doing. At this moment, you engage the captcha machine, you will see the kernel logging the packets being dropped. There you will see everything, including the source IP address.

With that information you open the firewall to that IP address or, if the IP rotate, an entire class of addresses (you need to find out this info, as you cannot use a DNS name for writing firewall rules).

Ok - I understand that - Thanks for taking the time to explain. I’m still learning a lot of this. I was able to find the IP address of reCAPTCHA on google’s website. It looks like they rotate and you have to add the ip addresses of all their servers which allows other google services.

Anyone else have this experience? I haven’t had any luck resolving this and wondered what everyone else did who wanted to block Google, but allow recaptcha.

If google uses the same range of IP’s for the recaptcha as they do for all other google activities then there is no way to filter them separately with a firewall rule.

The only suggestion I have in that situation is that you have a rule blocking everything which you then disable when you need to access the website you are interested in. Then when finished working with that website, you enable the blocking firewall rule again.

Not ideal but I can’t think of another approach, unless anyone else has any ideas.

1 Like

The other approach I would consider, is opening google services only to the payment server needing recaptctha, possibly operating in the orange zone, and close it to everyone else in the blue and green network.

1 Like

:thinking: Can this be done using a squid proxy?

not a technical solution i can provide but some insight into geevil’s way forcing users/people into ‘problems’ like this one here:

german only!

Any other input on this? Still struggling to find a solution on this.

Email would be easiest to block:

block these domains:

unfortunatelly, Recaptcha and Search both use www. google . com