64e9cdda6b
* Specified that reCAPTCHA v2 keys must be used * Updated the URL for application settings * Some small rewording
1.3 KiB
1.3 KiB
reCAPTCHA
GitLab leverages Google's reCAPTCHA to protect against spam and abuse. GitLab displays the CAPTCHA form on the sign-up page to confirm that a real user, not a bot, is attempting to create an account.
Configuration
To use reCAPTCHA, first you must create a site and private key.
- Go to the URL: https://www.google.com/recaptcha/admin.
- Fill out the form necessary to obtain reCAPTCHA v2 keys.
- Log in to your GitLab server, with administrator credentials.
- Go to Reporting Applications Settings in the Admin Area (
admin/application_settings/reporting). - Fill all recaptcha fields with keys from previous steps.
- Check the
Enable reCAPTCHAcheckbox. - Save the configuration.
Enabling reCAPTCHA for user logins via passwords
By default, reCAPTCHA is only enabled for user registrations. To enable it for
user logins via passwords, the X-GitLab-Show-Login-Captcha HTTP header must
be set. For example, in NGINX, this can be done via the proxy_set_header
configuration variable:
proxy_set_header X-GitLab-Show-Login-Captcha 1;
In GitLab Omnibus, this can be configured via /etc/gitlab/gitlab.rb:
nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => 1 }