Challenge options

Challenge options include various CAPTCHAs you can show depending on the basic properties of incoming requests. To flexibly split requests, you can use different combinations of traffic conditions.

If you do not need to create multiple separate CAPTCHAs, configure only the default option. For all options, you can select the main and additional challenges and the CAPTCHA difficulty. The visual design is consistent for all CAPTCHA options.

With multiple challenge options available, you can customize CAPTCHA based on threat likelihood for better user experience.

Benefits of using CAPTCHA optionsBenefits of using CAPTCHA options

• Segmented threat protection.

  Different users and traffic sources pose different levels of threat. Bots and attackers may use odd-looking IP addresses or send requests with specific attributes in the header. By taking this into account, you can apply more complex checks to suspicious traffic.

• Improved user experience.

  Hard-to-solve CAPTCHA challenges negatively impact user experience and overall impression of your website. Instead, you can choose to show the CAPTCHA that is better suited to the user's platform. For example, you can use a slider for mobile platforms and a checkbox for desktop ones. This improves convenience and user loyalty.

CAPTCHA show rulesCAPTCHA show rules

The list of rules already includes the default rule to display the default CAPTCHA. It applies to traffic that does not match any other rules. You cannot delete the default rule.

In a CAPTCHA show rule, you can configure the following:

• Challenge option: CAPTCHA to show to the user.

  You cannot delete a challenge option if it is used in a rule.

• Rule priority: Order for checking rules. The values range from 1 to 999999. The default rule priority is set to 1000000 and cannot be changed.

  Rules are checked in ascending priority order, starting from 1, 2, and up to 1000000. If traffic matches multiple rules, the first rule to trigger will apply.

• Conditions for incoming traffic: Incoming traffic properties, which include:

  • IP: IP address, IP address range, or IP address region.

    You can add or remove an IP address, IP address range, or IP address region to or from a CAPTCHA show rule. For example, you can specify trusted IP addresses of your customers or regions accounting for the most of attacks on your website.

  • HTTP header: HTTP header parameter.

    You can select various CAPTCHA options depending on the user device or browser sending the request. Also, you can use HTTP header to find out the referral source, authorization details, and other data.

  • URI: Path of an incoming request to your website.

    You can configure a difficult CAPTCHA for critical pages, e.g., those used for authentication or payment.

  • Host: Domain receiving the request.

You can set one or more different conditions in a rule. You can also add multiple conditions of the same type using the AND or OR operators.

Traffic conditionsTraffic conditions