Returns the status of the user’s answer to the CAPTCHA challenge. The returned value is one of the following strings:
  • not_received - the answer to the CAPTCHA challenge did not appear in the request; this is the normal result, before the CAPTCHA challenge is sent to the client
  • correct - the answer is correct
  • incorrect - the answer is incorrect
  • empty - an empty answer was given, or if the user clicked on the CAPTCHA Refresh button
  • expired - the answer has expired; in this case, the answer is not validated and may be correct or incorrect
  • invalid - the cookie containing the CAPTCHA answer cannot be parsed; this could mean that it was modified by an attacker, or that it is older than two days, or due to a configuration change
  • bot_detected - bad response to CAPTCHA: non-human behavior was detected in CAPTCHA page




# EXAMPLE: Send a CAPTCHA challenge on the login page, and only allow the
# login if the user passed the CAPTCHA challenge
    if {[ASM::captcha_status] ne "correct"} {
        if {[HTTP::uri] eq "/t/login.php"} {
            set res [ASM::captcha]
            if {$res ne "ok"} {
                log local0. "cannot send captcha_challenge: \"$res\""