Forum Discussion

Matos06's avatar
Matos06
Icon for Nimbostratus rankNimbostratus
Mar 26, 2023

Big-Ip Egde Client reCaptcha

Hey guys,

I'm having a problem that when accessing my login page through the Bip-Ip Edge Client, Google recaptcha does not work when I click on I'm not a robot it stays in looping .

Has anyone ever experienced this ?

Strangely, this only happens on the Big-IP client per browser, and it works normally.

Thanks

9 Replies

  •  

    Hi,

    We encountered the same issue at a customer's apm. BIG-IP v16.1.2.2, Edge Client 7221.
    We upgraded the firmware to v16.1.3.4 and edge client to 7240. There was no change, we had to remove the captcha.

    I encountered the same issue when I tested in v17.0 lab device.

    Recaptcha works on the web browsers.
    When I click the "I am not a robot" checkbox on Edge Client, no requests are sending to google. The below requests are not occurring in edge client.

    https://www.google.com/recaptcha/api2/reload?k=6LcWCSwUAAAAAKW5tV5p-Dsszk....rI0Hh2
    https://www.google.com/recaptcha/api2/userverify?k=6LcWCSwUAAAAAKW5tV5p-Dsszkr....I0Hh2

    There is no problem with hcaptcha.
    The difference I see between edge client and web browser for recaptcha; edge client sends a request to "https://www.google.com/pre/config.php?version=2.0" and gets a 404 response.
    This request does not occur when there is no recaptcha configuration.
    When using hcaptcha, "/pre/config.php" request is not sent to the hcaptcha service.

    GET https://www.google.com/pre/config.php?version=2.0 HTTP/1.0
    Host: www.google.com
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; F5 Networks Client)
    Connection: close
    
    HTTP/1.0 404 Not Found
    Content-Type: text/html; charset=UTF-8
    Referrer-Policy: no-referrer
    Content-Length: 1575
    Date: Fri, 31 Mar 2023 23:43:36 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    
    <!DOCTYPE html>
    <html lang=en>
      <meta charset=utf-8>
      <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
      <title>Error 404 (Not Found)!!1</title>
      <style>
        *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
      </style>
      <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
      <p><b>404.</b> <ins>That’s an error.</ins>
      <p>The requested URL <code>/pre/config.php</code> was not found on this server.  <ins>That’s all we know.</ins>

  • Thanks for the additional information. This "config.php" is how Edge Client obtains information from BIG-IP about the versions and logon modes of the APM VPN concentrator. This behavior of following the hostname but not the path part of a URL has also happened in another situation in a different version of the client. This issue might be related to security changes that have been made in the client about how links are processed / validated.

    Can you open a support case and reference ID 1032505? We'll need to get the product engineering team to take a look.

  • PSilva's avatar
    PSilva
    Ret. Employee

    Hi~ Not sure what APM version you are on but I found this: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-13-0-0.html


    497100 : APM Migrates to Google reCAPTCHA API Version 2.0

    Component: Access Policy Manager

    Symptoms:
    Google introduced reCAPTCHA API v2 in December 2014. The v2 API will not work with API key pair generated for v1 API. With APM migrating to reCAPTCHA v2, the key pair that works with previous releases of the APM will stop functioning after upgrade.

    Google recommends sites that are using v1 API to register new keys and upgrade to v2. (See https://developers.google.com/recaptcha/docs/faq)

    Conditions:
    When key pair generated for v1 API is used in the reCAPTCHA configuration.

    Impact:
    Users will not be able to log in.

    Fix:
    N/A

    Behavior Change:
    Before upgrade, admin is required to register a new key pair with Google. After upgrade, the "secret" and "site key" fields on the reCAPTCHA admin UI are populated with the old keys. Replace the old keys with the new keys obtained from Google.

    Furthermore, the "Verification URL", "Challenge URL", and "Noscript URL" fields are populated with the URLs for Google reCAPTCHA v2 service, not those that were specified before the upgrade. If a virtual server has been configured for v1 verification using HTTPS, the virtual server needs to add client side SSL profile and the "Verification URL" field should point to the virtual server.

    Moreover, the "CAPTCHA Theme" is obsolete and is replaced by v2 CAPTCHA render configuration parameters with the following default values:

    Data Theme = Light
    Data Type = Image
    Data Size = Normal

    • Matos06's avatar
      Matos06
      Icon for Nimbostratus rankNimbostratus

      Hi, Psilva.

      First, thank for your attention and response.
      We use the version BIG-IP v14.1.5.3 (Build 0.18.5) and  BIG-IP EDGE Client 7240,2023,104,610.

      We already used v2 of google reCaptcha, one of the tests we already performed was to recreate the recaptcha and it still didn't work.

      This problem only happens through the Big-ip edge client, if access via WEB or reCaptcha works normally

      the "CAPTCHA Theme" 

      it is as mentioned


      Attached captcha image in lopping when clicking "I am not a robot"


  • PSilva's avatar
    PSilva
    Ret. Employee

    This might be something Lucas_Thompson can take a look at? Is the loop not completing; keeps spinning or punks out? 

    • Matos06's avatar
      Matos06
      Icon for Nimbostratus rankNimbostratus

      Hi, Lucas.

      This problem occurs on all computers, including new computers out of the box, we install the big ip client.

      The strangest thing is that this was something functional that everyone accessed the vpn that way, google's reCaptcha V2 does not work on the Big Ip edge client, but it works using only the browser.

      Related to the other tests on the page, we have already carried out.

  • My customer are facing the same problem, since WindowsOS starting a new rule for auto start the Microsoft Edge Browser when open old IE Browser.

    I'm not sure F5 Edge Client use which Browser to open the Login Page, if F5 Edge Client use the old IE Browser and cannot open the Edge Browser, maybe the service will abnormal.

    I'm not open case to confirm, just disable "Allow Access if CAPTCHA Verification Cannot Complete" config, and wait F5 to fix this problem