ASM::captcha_status¶
Description¶
Returns the status of the user’s answer to the CAPTCHA challenge. The returned
value is one of the following strings:
- not_received - the answer to the CAPTCHA challenge did not appear in the request; this is the normal result, before the CAPTCHA challenge is sent to the client
- correct - the answer is correct
- incorrect - the answer is incorrect
- empty - an empty answer was given, or if the user clicked on the CAPTCHA Refresh button
- expired - the answer has expired; in this case, the answer is not validated and may be correct or incorrect
- invalid - the cookie containing the CAPTCHA answer cannot be parsed; this could mean that it was modified by an attacker, or that it is older than two days, or due to a configuration change
- bot_detected - bad response to CAPTCHA: non-human behavior was detected in CAPTCHA page
Examples¶
# EXAMPLE: Send a CAPTCHA challenge on the login page, and only allow the
# login if the user passed the CAPTCHA challenge
when ASM_REQUEST_DONE {
if {[ASM::captcha_status] ne "correct"} {
if {[HTTP::uri] eq "/t/login.php"} {
set res [ASM::captcha]
if {$res ne "ok"} {
log local0. "cannot send captcha_challenge: \"$res\""
}
}
}
}