0

We have an ASP.NET MVC 5 app hosted behind a Netscaler. The app uses Google reCAPTCHA but its outgoing requests by reCAPTCHA fail because the IP addresses are blocked. I researched the IPs it was trying to hit and they're similar to but not listed here: https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki

This post talks about this issue as well: Recaptcha IP addresses

The IPs change frequently and seem to not be listed anywhere. We can't use the hostname, as we're required to whitelist specific IPs on Netscaler.

Any reliable way to get reCAPTCHA working with Netscaler? If not, what alternative is there to reCAPTCHA?

Alex
  • 34,699
  • 13
  • 75
  • 158

1 Answers1

2

You can implement recaptcha as an auth method. if you do that your,security team might allow the traffic without ip filters.

Have a look here. https://support.citrix.com/article/CTX216091

KaiT
  • 156
  • 2
  • Thanks, @KaiT. Not sure about step 6: ``. Are we entering the actual IP address of `www.google.com` here? Currently it's `172.217.7.142` but wondering if that changes; if it does and we have to hard-code it here, then we're back to the same issue as above. – Alex Feb 05 '18 at 13:17
  • 1
    Its kinda stupid you cannot add dns names / fqdn directly but there are workarounds: 1: add a server object srv_google.com with dns name www.google.com , 2: make service object of type ssl_bridge port 443 and point it to the server object srv_google.com 3: create an lb object with a valid ip that the netscaler can reach (i.e a private ip) and point the service object to the lb object.. Now in the article i mentioned at point 6 enter the ip address from step 3 as the "google ip" :D so simple but not very obvious if you havent worked alot with Netscalers – KaiT Feb 06 '18 at 00:38
  • 1
    Make sure you have setup dns resolution on the netscaler (simply add 8.8.8.8 as a name server or use the netscalers own dns server) – KaiT Feb 06 '18 at 00:41
  • Hi @KaiT, do you know if the solution you provided is valid for v 12.1 of Netscaler? Thanks. – Alex Jan 04 '19 at 14:49
  • 1
    Hi @Alex the solution is valid for Netscaler 12. – KaiT Jan 11 '19 at 11:16