Recaptcha allows you to protect the portal against brute-force attacks by distinguishing human users from automated access.
Enabling recaptcha
By default, this feature is disabled in the server version. If you want to use it, you need to enable the feature in the configuration file:
- Get recaptcha keys associated with your domain. Go to the https://www.google.com/recaptcha/admin/create page.
- Click the 'Switch to create a classic key' link.
- Specify the Label to identify the site.
- Choose the reCAPTCHA v2 option in the 'reCAPTCHA type' section.
- In the Domains section, specify your domain.
- Check the 'Accept the reCAPTCHA Terms of Service' box.
- Click the SUBMIT button.
- Copy your generated site key and secret key.
- Open the web.appsettings.config file.
- For Windows version, it can be found in the c:\Program Files\Ascensio System SIA\onlyoffice\WebStudio\ folder.
- For deb, rpm packages, it can be found here: /var/www/onlyoffice/WebStudio/web.appsettings.config
- For Docker version, it can be found within the CommunityServer container: /var/www/onlyoffice/WebStudio/web.appsettings.config
- Add the following 2 strings to web.appsettings.config, replacing the values with your own site key and secret key obtained at step 1.
<add key="web.recaptcha.public-key" value="your_site_key" />
<add key="web.recaptcha.private-key" value="your_secret_key" />
Save the changes.
- Restart the application.
- For Windows version, restart the site in IIS.
- For deb, rpm packages, use the following command:
sudo service monoserve restart
- For Docker version, restart the CommunityServer container or execute the following command within the CommunityServer container:
systemctl restart monoserve.service
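A check to run on the edited file before restarting, added here as an example and not part of ONLYOFFICE's own tooling: it parses web.appsettings.config and reports a reCAPTCHA key that is missing, empty, duplicated or still set to the placeholder, without printing the key values. The function name, the constructed sample and its appSettings root element are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Key names and placeholder values as shown in the step above.
REQUIRED = {
    "web.recaptcha.public-key": "your_site_key",
    "web.recaptcha.private-key": "your_secret_key",
}

# Constructed sample, not a real config; the <appSettings> root is an assumption.
SAMPLE = """<appSettings>
  <add key="web.recaptcha.public-key" value="constructed-site-key" />
  <add key="web.recaptcha.private-key" value="your_secret_key" />
</appSettings>"""


def check_recaptcha_settings(xml_text):
    """Return a list of problems; an empty list means both keys are set."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Collect the value of every matching <add key=... value=.../> entry.
    seen = {key: [] for key in REQUIRED}
    for node in root.iter("add"):
        if node.get("key") in seen:
            seen[node.get("key")].append((node.get("value") or "").strip())
    problems = []
    for key, placeholder in REQUIRED.items():
        values = seen[key]
        if not values:
            problems.append(f"{key}: entry is missing")
        elif len(values) > 1:
            problems.append(f"{key}: defined {len(values)} times")
        elif not values[0]:
            problems.append(f"{key}: value is empty")
        elif values[0] == placeholder:
            problems.append(f"{key}: placeholder was not replaced")
    site, secret = seen.values()
    if len(site) == 1 and site == secret and site[0]:
        problems.append("site key and secret key are identical")
    return problems

if __name__ == "__main__":
    # Pass the path to web.appsettings.config; without one the sample is checked.
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE
    found = check_recaptcha_settings(text)
    print("\n".join(found) or "both reCAPTCHA keys are set")
    sys.exit(1 if found else 0)
```

The script exits with a non-zero status when it finds a problem, so it can gate the restart command in a deployment script.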
Adjusting security settings
Once the feature is enabled in the configuration file, the owner or full access admin can adjust the portal settings:
- Enter your portal.
- Click the icon in the right upper corner to open the 'Settings' section.
- Switch to the Security tab at the left-side panel, then go to the Login Settings subsection.
- In the Number of attempts field, set up the limit of unsuccessful login attempts by the user;
- In the Blocking time (sec) field, set up the time interval for blocking new login attempts;
- In the Check period (sec) field, set up the time interval for counting unsuccessful login attempts.
- Click the Save button at the bottom of the section to make the parameters you set take effect.
When the specified limit of unsuccessful login attempts is reached, captcha will be requested for login attempts coming from the associated IP address for the chosen period of time.