How To Add Google reCAPTCHA To Exchange Web Access and Protect from brute force attacks

0 Microsoft Exchange 2016, Security, Tech, Tutorials,

To create a Google reCAPTCHA site and integrate it into Exchange Server OWA/ECP, go through the below steps:

First create a new Google reCAPTCHA site. Once we have the reCAPTCHA keys, we can integrate them into Exchange Server.

Sign in to Google reCAPTCHA and fill in the below details:

  • Label:
  • reCAPTCHA type: reCAPTCHA v2 – “I’m not a robot” tickbox
  • Domains: (your Exchange URL)

Check both the checkboxes:

  • Accept the reCAPTCHA Terms of Service
  • Send alerts to owners

Click on Submit.

Now you have 2 keys : 1. site key 2. secret key

now in your exchange server browse to folder :

C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth

Create a new file with Notepad with the name recaptcha.aspx in that folder

edit with notepad and copy this code into it :

<% @ Page AspCompat=True Language = "VB" %>
<%
Dim strPrivateKey As String = "SECRET_KEY"
Dim strResponse = Request("response")
Dim objWinHTTP As Object
objWinHTTP = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objWinHTTP.Open("POST", "https://www.google.com/recaptcha/api/siteverify", False)
objWinHTTP.SetRequestHeader("Content-type", "application/x-www-form-urlencoded")
Dim strData As String = "secret=" & strPrivateKey & "&response=" & strResponse
objWinHTTP.Send(strData)
Dim strResponseText = objWinHTTP.ResponseText
Response.Write(strResponseText)
%>

Replace “SECRET_KEY” (3rd line) with the key you have create before .

Now we need to configure the Exchange login page to use reCaptcha . First create a backup file, just in case… :

Note: The file logon.aspx will be rewritten to its original state when you install Exchange Server CU. So write down in your manual to replace the file after the CU and test that the Google reCAPTCHA works.

Look for 






Change this to (leave the rest of the line untouched):



















Then in the file find :










Change this to :















Now the Tricky part, you need to add the script in the right place, next look for :










And create few empty line, like this :














Now copy this text in this empty lines leaving one line above and one below :












Replace “SITE_KEY” with the one you got from google














Save the file ! That’s IT !!! the captcha should be visible immediately (After refreshing the page)





  














If this is not that case try restart the IIS by executing on command prompt as administrator





 





iisreset





make sure you are not confused with the keys 





Good Luck

					
                        
					                                                        
										                            
						

							

							

						
                      
					                            
											

										                              
						

	

		
						
	

		
Leave a Reply 
Your email address will not be published. Required fields are marked *