How to show captcha for all visitors without search engine visitors?

I want to show a captcha to all visitors except search engine visitors. I have already made a firewall rule for IP address (Expression - (ip.src ne / my IP)), where all visitors (search engine visitors, referral visitors, social visitors, direct visitors) have to solve a captcha to enter my website.

But I want visitors that come only from search engines (like Google, Bing, DuckDuckGo) to not have to solve any captcha.

How do I do that?

Any firewall rule for this?

You’d have to DIY in a Firewall Rule by checking if the referer matches a list you’d have to create. The downside is that bots might try to imitate that referer, but I’ve not seen that in my recent logs.



Is it ok…?

Looks good.

Remember you may also be blocking legit visitors that enter your URL directly into the browser, or get the link from a friend via IM or email.

As it’s a CAPTCHA, it’s not quite a “block”. But it’s inconvenient. I do something similar, but I use a JS Challenge.

True but repeat visitors would get annoyed pretty quickly.

Rules need to be a bit more flexible - use a combination of threat score, blocking some large cloud providers while not blocking known bots, block some but not all unruly user agent strings, blocking some countries (depending on what you want to do perhaps block only some HTTP Methods for some countries such as no POST from A, B or C) and so on.
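The following is an added example, not part of the thread and not Cloudflare's own code: a Python model of the referer-based rule discussed above, showing how direct visitors and look-alike referers end up challenged when the referer's hostname is compared against a list rather than searched as a substring. The domain list, IP addresses and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list (constructed); country-specific search domains would need adding.
SEARCH_ENGINE_DOMAINS = ("google.com", "bing.com", "duckduckgo.com")


def referer_host(referer):
    """Return the lowercase hostname of a Referer value, or None if absent or unusable."""
    if not referer:
        return None  # direct visit, or a link opened from IM/email
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def from_search_engine(referer):
    """True only when the referer's host is a listed domain or a subdomain of one."""
    host = referer_host(referer)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in SEARCH_ENGINE_DOMAINS)


def action(src_ip, referer, owner_ip):
    """Model of the rule: the owner's IP and search referrals pass, the rest get a challenge."""
    if src_ip == owner_ip or from_search_engine(referer):
        return "allow"
    return "challenge"


if __name__ == "__main__":
    OWNER = "198.51.100.7"  # constructed sample values below
    samples = [
        ("203.0.113.10", "https://www.google.com/"),
        ("203.0.113.11", ""),                                     # direct visitor
        ("203.0.113.12", "https://example.net/?ref=google.com"),  # substring look-alike
        ("203.0.113.13", "https://google.com.example.net/"),      # prefix look-alike
        (OWNER, ""),
    ]
    for ip, ref in samples:
        # The Referer header is client-supplied, so "allow" here is a convenience, not proof.
        print(ip, repr(ref), "->", action(ip, ref, OWNER))
```
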

