We have implemented recaptcha-enterprise recently. https://recaptchaenterprise.googleapis.com/v1/projects
It works fine everywhere except for a specific customer with 20 users where it works intermittently but ends up with consistent error most of the times : UNEXPECTED_ENVIRONMENT and score < 0.5
We added multiple related domains to trusted sites, allowed tracking etc. in both Chrome and Edge, but no luck so far.
At this point after troubleshooting with end user IT team we suspect that it is something to do with network proxy or firewall settings.
Interception Proxy Information (AKA: Man-in-The-Middle Proxy/SSL Stripping):
With HTTPS traffic client network proxy is configurated to decrypt the connection so it can analyze the traffic information (FQDNs/IPs) and scan any file information that might be contained (e.g. check file hashes, scanning for malware). This works by having the proxy act as an intermediary/issuing CA and re-issuing the responding server's SSL/TLS certificate with an "in-house" issuing/intermediary trusted certificate on the fly to rebuild the connection to the client making the HTTPS request.
What we need to know is if the error UNEXPECTED_ENVIRONMENT displayed in the reCAPTCHA admin console is related to this decryption technique, which could be possible if Google is applying any of the following countermeasures and reducing the score < 0.5? • HTTP Strict Transport Security (HSTS) • Certificate Pinning • OCSP Stapling
Any relevant suggestions and solutions are appreciated.
We added multiple related domains to trusted sites, allowed tracking etc. in both Chrome and Edge, but no luck so far.
reCAPTCHA intermittently works as initially stated inside that specific network. We were expecting it to work consistently without any issues. Also client network admin allowed our app domain, gstatic.com, google.com in the firewall. Yet, no improvement in the situation.
Also serverIPAddress is always 10.1.3.3 in the logs even if tried for multiple days, reverse proxy or something.
