2020-10-29 11:09:12 -04:00
---
2021-08-02 11:08:56 -04:00
stage: Ecosystem
group: Integrations
2020-11-26 01:09:20 -05:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-10-29 11:09:12 -04:00
---
2021-02-17 13:09:19 -05:00
# reCAPTCHA **(FREE)**
2015-12-27 23:36:33 -05:00
2020-08-06 11:09:42 -04:00
GitLab leverages [Google's reCAPTCHA ](https://www.google.com/recaptcha/about/ )
2015-12-27 23:36:33 -05:00
to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page
to confirm that a real user, not a bot, is attempting to create an account.
## Configuration
2015-12-28 15:21:34 -05:00
To use reCAPTCHA, first you must create a site and private key.
2015-12-27 23:36:33 -05:00
2021-01-27 19:09:33 -05:00
1. Go to the [Google reCAPTCHA page ](https://www.google.com/recaptcha/admin ).
2018-12-07 16:47:34 -05:00
1. Fill out the form necessary to obtain reCAPTCHA v2 keys.
1. Log in to your GitLab server, with administrator credentials.
1. Go to Reporting Applications Settings in the Admin Area (`admin/application_settings/reporting`).
2021-09-01 05:10:58 -04:00
1. Expand the **Spam and Anti-bot Protection** section.
2019-09-30 02:06:02 -04:00
1. Fill all reCAPTCHA fields with keys from previous steps.
2021-09-01 05:10:58 -04:00
1. Select the **Enable reCAPTCHA** checkbox.
1. To enable reCAPTCHA for logins via password, select the **Enable reCAPTCHA for login** checkbox.
2018-11-12 19:39:21 -05:00
1. Save the configuration.
2020-07-13 08:09:18 -04:00
1. Change the first line of the `#execute` method in `app/services/spam/spam_verdict_service.rb`
to `return CONDITONAL_ALLOW` so that the spam check short-circuits and triggers the response to
return `recaptcha_html` .
2020-12-04 16:09:29 -05:00
NOTE:
2021-01-27 19:09:33 -05:00
Make sure you are viewing an issuable in a project that is public. If you're working with an issue, the issue is public.
2018-06-21 14:13:08 -04:00
2021-09-01 05:10:58 -04:00
## Enable reCAPTCHA for user logins using the HTTP header
2018-06-21 14:13:08 -04:00
2021-09-01 05:10:58 -04:00
You can enable reCAPTCHA for user logins via password [in the user interface ](#configuration )
or by setting the `X-GitLab-Show-Login-Captcha` HTTP header.
For example, in NGINX, this can be done via the `proxy_set_header`
2018-06-21 14:13:08 -04:00
configuration variable:
2020-03-25 02:07:58 -04:00
```nginx
2018-06-21 14:13:08 -04:00
proxy_set_header X-GitLab-Show-Login-Captcha 1;
```
2020-04-29 23:09:32 -04:00
In Omnibus GitLab, this can be configured via `/etc/gitlab/gitlab.rb` :
2018-06-21 14:13:08 -04:00
```ruby
2020-07-28 08:09:49 -04:00
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => '1' }
2018-06-21 14:13:08 -04:00
```