Have login form, how do i simulate cloudflare's login with captcha?

Have login form, how do i simulate cloudflare’s login with captcha?

Basically how do i enable filtering of IP for failed login once with captcha like cloudflare? this is be NOT workers related but i know cloudflare provide ip filtering. how can i get it done?

Then it is in the wrong category.

But I am not quite sure what you want to achieve. Can you rephrase your question and provide examples?

if i enter the login username and password wrong once, i’ll get a captcha on the login form for cloudflare’s login.

i understand i cant have it done so professionally like cloudflare login so i’m asking …
i do have a login form myself (it runs on cloudflare workers.). i would like it to show the full captcha page from cloudflare if it’s logined wrongly. how can i use cloudflare workers to do this or how do i set the ip filter setting so that the 2nd landing on the same login page will show the “full page captcha challenge” from cloudflare?

This is not something Cloudflare would support. All you could do is redirect upon an incorrect login to a page which is configured on Cloudflare to show a CAPTCHA, however users can still easily go back to the original URL.

With Workers it probably is possible, but you’d need to handle the whole login via the Worker and use KV to keep track of login attempts. That would be custom JavaScript code and you’d need a JavaScript developer for that.

i suddenly have realisation of what KV is about after using it for awhile now.
my question about KV would be… what’s the best use case for it? any good real use case?
long term storage / s3 replacement? using KV for login ip storage is not very wise considering we all know how hackers like to brute force the login and KV will be too expensive to access it all the time.

i’ve already written the worker site and kv login: password store but i realised it’s not ideal against spammers / hackers who can just brute force the costs.

KV simply is a database which you can use from a Worker. That’s it.

In your specific use-case you could use it to keep track of failed logins and show a CAPTCHA accordingly. Personally, I would not implement it via Workers though, and simply do this server side and also show the CAPTCHA there.

i spent 1 week figuring out how to write the login, stored in KV, everything works. then i forgot i need to stop the brute force ip. but… is there a way with the cloudflare firewall add filter setting i can use for this bruteforce stopping? only for the login page. if the cloudflare firewall rules can be written as such, it’ll perfectly complement the workers i’ve written

You could look into rate limiting, though that is also a paid feature and you will be charged for all requests which pass the firewall, not for those which are blocked though.

But if you already have everything set up on Workers, you could simply add some additional logic which shows a CAPTCHA, though that will still be a custom implementation. Cloudflare does not provide you with a CAPTCHA on Workers.

1 Like