Custom policies for Captcha scenarios - Captcha - Alibaba Cloud Documentation Center

After creating a verification scenario in the Captcha 2.0 console, you can configure a custom policy based on your business requirements. This topic describes how to configure a custom policy.

Preparations

You have activated Alibaba Cloud Captcha 2.0 service.
You have created a scenario.

Enable custom policy

Log on to the Captcha 2.0 console.
In the left-side navigation pane, click Overview. In the version card in the upper-right corner, click ExpandDetails and turn on the Custom Policy switch.

Configure custom policy

Important

Spatial inference scenarios do not support custom policies.
The spatial inference verification form will be offline soon. For more information, see [Announcement] Notice of spatial inference verification form offline.

Log on to the Captcha 2.0 consol. In the navigation pane on the left, choose Security Management > Custom Policy.
On the Custom Policy page, click Modify in the Actions column of the target scenario.

In the Configure Custom Policy panel, complete the following configurations and click OK.

Configuration item	Description
Mode	Basic mode (default): Basic security policy. When there are fewer attack requests, we recommend that you use the basic mode to balance security and user experience. Attack and Defense Mode: Enhanced risk control policy. When attack requests increase, we recommend that you use the attack defense mode to strictly block attack requests. However, this may cause a small number of false positives.
URL Verification	The URL that must be included in the URL of the page on which Captcha 2.0 is called. By default, this parameter is not specified, indicating that the URL of the page is not verified. The configured URL only needs to be included in the actual URL. For example, `www.abc.com` can match `www.abc.com/a`, `www.abc.com/a/xxxx`, and `www.abc.com/b`.
IP Address Access Frequency Limit	Hourly access frequency limit for the same IP address: Enter an integer from 1 to 999999999. Default value: 4000. Daily access frequency limit for the same IP address: Enter an integer from 1 to 999999999. Default value: 10000.
Device Access Frequency Limit	Hourly access frequency limit for the same device: Enter an integer from 1 to 999999999. Default value: 150. Daily access frequency limit for the same device: Enter an integer from 1 to 999999999. Default value: 400.
Block Device Emulators	This includes virtual machines such as VMware, VirtualBox, Hyper-V, and Parallels, Android emulators such as AVD, Blue Stacks, and VBox/Hyper-V, and desktop browsers that simulate mobile devices. Blocking is enabled by default.

After you successfully configure the custom policy, the Policy Type changes from Default to Custom.

Disable custom policy

Log on to the Captcha 2.0 console.
In the left-side navigation pane, click Overview. In the version card in the upper-right corner, click ExpandDetails and turn off the Custom Policy switch.
Important
If you cannot disable the custom policy, go to the Custom Policy page, click Restore to Default in the Actions column to restore all custom policies to their default values, and then disable the custom policy.

References

For information about custom policy billing, see Billing.