Troubleshooting Tip: Captcha not enforced when configured for bot confirmation in a custom rule
| Description | This article describes how to resolve a captcha verification not applying to a custom policy as expected. |
| Scope | FortiWeb 7.x and FortiWeb 8.x. |
| Solution | When configuring a custom rule and applying a Bot Confirmation -> Captcha Enforcement, users might receive an immediate block page or may be allowed through without the intended Captcha Challenge page.
To confirm this behavior, the attack logs can be reviewed with the results similar to the following:
To resolve it, go to Policy -> Client Management. Under the 'Threat Score' section, adjust the score maximum range for 'Suspicious Client' until the user can see the Captcha Challenge screen (the default score value is between 100 to 200).
For example:
Once adjusted, the captcha screen should be visible for the users:
|
