2

I need to protect a form submission using either v2 or v3 of Google reCAPTCHA.

Is there any issue about having the website running in an AWS (Application) Load Balanced environment? Will reCAPTCHA effectively be testing the IP addres against the load balancers internal IP address?

Reason for asking is that using V3 of reCAPTCHA to record confidence scores against dubious form submissions resulted in 70-80% confidence in submission being "good".

Swomble
  • 874
  • 8
  • 17
  • 2
    You should [send](https://developers.google.com/recaptcha/docs/verify#api_request) real client's ip address. This is the `remoteip` request parameter. – Mike Doe Feb 10 '20 at 15:18
  • @emix so just passing through the remoteip parameter on server side should be fine - I don't need to make any changes to the client side setup? – Swomble Feb 10 '20 at 15:24
  • That's how's it's supposed to be done, the validation happens on the server side, not the client side. – Mike Doe Feb 10 '20 at 15:39

0 Answers0