
reCAPTCHA and firewall

Hello dears,

I have recently implemented Google reCaptcha V3 on my website and all is looking good and works perfectly. However, when I deploy the website to my server (which has a firewall), the website crashes due to reCaptcha being unable to reach some IP addresses.
I'm using reCAPTCHA.net Enterprise and I can't open an internet connection to the server because of security rules in my company. I need to know which IP addresses are used by Google reCaptcha.net so I can open connections from the server to those IPs. Is there a list of IPs I can use? I opened some IPs used by google and gstatic.com, but every once in a while the website crashes and a new IP address is needed.
Thanks.


Hi @iharoun ,

Google doesn't provide a fixed list of IP addresses for reCAPTCHA because they can change for reasons like balancing loads and updating systems. This approach is used to make reCAPTCHA more secure and effective.

However, I can recommend workarounds on how to configure firewalls and network settings to work effectively with reCAPTCHA. 

1. Domain Restriction Constraint
Instead of whitelisting specific IP addresses, you could try whitelisting the domains used by reCAPTCHA to ensure proper functionality. This might involve allowing traffic to and from specific domains like www.google.com, www.recaptcha.net, etc.

2. Firewall Rules
You may have to change your firewall settings so your website can talk to outside services, like the reCAPTCHA checker. Just make sure your server can send out messages using the web.

3. Consult with reCAPTCHA support
If you're using Google reCAPTCHA.net Enterprise, you may have access to support resources from Google.
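
A preflight check for the hostname-based approach described in this reply, written as an added example (it is not code from any poster or from Google). Run from the firewalled server, it reports whether each hostname fails at DNS, at the TCP connect, or during the TLS handshake. The names `probe`, `blocked` and `RECAPTCHA_HOSTS` are hypothetical, and `www.gstatic.com` is assumed from the question's mention of gstatic.com.

```python
import socket
import ssl

# Hostnames named in this thread; add any others your integration calls.
RECAPTCHA_HOSTS = ["www.google.com", "www.recaptcha.net", "www.gstatic.com"]


def probe(host, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail); stage is 'ok' or the first step that failed.

    resolve/connect are injectable so the logic can be tested offline.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:                  # DNS blocked or no resolver
        return "dns", str(exc)
    addrs = sorted({info[4][0] for info in infos})
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:                  # connect refused or timed out
        return "tcp", f"{addrs}: {exc}"
    try:
        ctx = ssl.create_default_context()  # verifies certificate and hostname
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{addrs} {tls.version()}"
    except OSError as exc:                  # reset or non-TLS reply in handshake
        return "tls", f"{addrs}: {exc}"
    finally:
        sock.close()


def blocked(hosts, **kwargs):
    """Map each host that did not complete a TLS handshake to its failure."""
    results = {h: probe(h, **kwargs) for h in hosts}
    return {h: r for h, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    for host, (stage, detail) in blocked(RECAPTCHA_HOSTS).items():
        print(f"{host}: failed at {stage} ({detail})")
```

A `tcp` result points at an IP or port rule, while a `tls` result means the connection was opened and then reset or answered with something other than TLS.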

Hello

We have integrated the reCaptcha Enterprise API into our backend to validate tokens generated on the front end, but we are having an error in our production environment because calls to your services are stopping on our firewall.
Can you tell us which addresses we have to allow access to in order to be able to call your services?

I add the error we have in the server:

Caused by: io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
  at io.grpc.Status.asRuntimeException(Status.java:535) ~[grpc-api-1.40.0.jar:1.40.0]
  at io.grpc.stub.ClientCalls$UnaryStreamToFuture.onClose(ClientCalls.java:533) ~[grpc-stub-1.40.0.jar:1.40.0]
  at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:557) ~[grpc-core-1.40.0.jar:1.40.0]
  at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:69) ~[grpc-core-1.40.0.jar:1.40.0]
  at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:738) ~[grpc-core-1.40.0.jar:1.40.0]
  at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:717) ~[grpc-core-1.40.0.jar:1.40.0]
  at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37) ~[grpc-core-1.40.0.jar:1.40.0]
  at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:133) ~[grpc-core-1.40.0.jar:1.40.0]
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_345]
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_345]
  ... 1 more
Caused by: java.io.IOException: Connection reset by peer
  at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.8.0_345]
  at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:1.8.0_345]
  at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[?:1.8.0_345]
  at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[?:1.8.0_345]
  at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:379) ~[?:1.8.0_345]
  at io.grpc.netty.shaded.io.netty.buffer.PooledByteBuf.setBytes(PooledByteBuf.java:253) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1133) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:350) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:151) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]
  at io.grpc.netty.shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[grpc-netty-shaded-1.40.0.jar:1.40.0]

Thank you

I am trying to implement reCaptcha on our login page and noticing that the reCaptcha response is not verified. Upon looking in the firewall logs, I noticed that it's denying the traffic via 443.
I looked at https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki, which talks about some specific IP address ranges for the reCaptcha service. However, checking the domains' DNS addresses right now shows www.google.com [142.250.72.36] and www.recaptcha.net [142.250.69.227],
which do not fall under the IP space provided in the above URL.

Hence, I would like to know what specific IP ranges we should allow in the firewall to allow this traffic from NetScaler to the Google reCaptcha services.

 

 
