- Release Notes and Announcements
- Release Notes
- Product Announcement
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Product Announcement
- Security Advisory
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44832)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-45046)
- Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)
- Notice for WebLogic Console HTTP RCE Vulnerability
- Notice for Exchange Server Command Execution Vulnerability
- Notice for Yonyou GRP-U8 SQL Injection Vulnerability
- Notice for Apache Cocoon XXE Vulnerability (CVE-2020-11991)
- Notice for WordPress File Manager Arbitrary Code Execution Vulnerability
- Jenkins Security Advisory for September
- Notice for Apache Struts 2 RCE Vulnerabilities (CVE-2019-0230 and CVE-2019-0233)
- Notice for Apache SkyWalking SQL Injection Vulnerability (CVE-2020-13921)
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Service Level Agreement
- WAF Policy
- Contact Us
- Glossary
Connecting Frontend-Backend Separated Site to WAF CAPTCHA
Last updated: 2023-12-29 14:55:13
You can connect WAF CAPTCHA to frontend-backend separated sites or app sites to dynamically send CAPTCHAs from such sites.
You can connect a frontend-backend separated site to the WAF CAPTCHA process to dynamically verify human operations for the site in various scenarios, including custom rule hit, CC attack protection, and bot traffic management. Both iOS and Android apps are connected through web frontend HTML5.
Prerequisites
How to Detect
This feature dynamically checks whether the packets returned from the server contain the CAPTCHA fields delivered by WAF, and if so, it will render the CAPTCHA at the top floating layer to connect the frontend-backend separated site or app to WAF CAPTCHA.
Directions
Below is the sample code for WAF CAPTCHA connection (with Axios as an example). You can refer to the following to connect a frontend-backend separated site to WAF CAPTCHA based on your actual use case:
1. Add interceptors to the Axios response.
// Regexes related to WAF CAPTCHA `seqid`const sig_data = /seqid\\s=\\s"(\\w+)"/gconst waf_id_data = /TencentCaptcha\\((\\'\\d+\\')/gconst service = axios.create({baseURL: '/api',timeout: 10000,withCredentials: true});service.interceptors.response.use((response)=>{const res = response.data;if(res.code === 0){return res;}else{// Capture the error and render the CAPTCHAconst matches = sig_data.exec(res);if(matches){// Display the CAPTCHAlet seqid = matches[1];const wid_matches = waf_id_data.exec(res);let wid = wid_matches[1]var captcha = new TencentCaptcha(wid, function(res){var captchaResult = []captchaResult.push(res.ret)if(res.ret === 0){captchaResult.push(res.ticket)captchaResult.push(res.randstr)captchaResult.push(seqid)}var content = captchaResult.join('\\n')axios.post("/WafCaptcha",content).then().catch();});captcha.show()}else{return res;}}},()=>{});export default service;Vue.prototype.$axios = service;
2. Add the Axios response with added interceptors during API call.
getTopic:function(){this.$axios.get("/api.php").then(res => {this.topic = res});}
3. Import the CAPTCHA script globally by adding
<script src="https://ssl.captcha.qq.com/TCaptcha.js"></script> to public/index.html.<!DOCTYPE html><html lang=""><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1.0"><link rel="icon" href="<%= BASE_URL %>favicon.ico"><title><%= htmlWebpackPlugin.options.title %></title></head><body><noscript><strong>We're sorry but <%= htmlWebpackPlugin.options.title %> doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><script src="https://ssl.captcha.qq.com/TCaptcha.js"></script><div id="app"></div><!-- built files will be auto injected --></body></html>
4. After entering the above code, compile and deploy it on the server.
5. Configure a custom rule in WAF and use an async request to check whether the current page pops up the CAPTCHA window.
Yes
No
Was this page helpful?