Configuring reCAPTCHA in the server version

reCAPTCHA allows you to protect the portal against brute-force attacks by distinguishing human users from automated access.

Enabling reCAPTCHA

By default, this feature is disabled in the server version. To enable it, modify the configuration file as follows:

  1. Get reCAPTCHA keys associated with your domain. Go to the https://www.google.com/reCAPTCHA/admin/create page.
    1. Click Switch to create a classic key.
    2. Specify the Label to identify the site.
    3. Select reCAPTCHA v2 in the reCAPTCHA type section.
    4. In the Domains section, specify your domain.
    5. Check the Accept the reCAPTCHA Terms of Service checkbox.
    6. Click SUBMIT.
    7. Copy your generated site key and secret key.
  2. Open the web.appsettings.config file.
    • For the Windows version, it can be found in the c:\Program Files\Ascensio System SIA\onlyoffice\WebStudio\ folder.
    • For deb and rpm packages, it can be found here: /var/www/onlyoffice/WebStudio/web.appsettings.config.
    • For the Docker version, it can be found within the CommunityServer container: /var/www/onlyoffice/WebStudio/web.appsettings.config.
  3. Add the following two lines to web.appsettings.config, replacing the values with your site key and secret key obtained in step 1.
    <add key="web.reCAPTCHA.public-key" value="your_site_key" />
    <add key="web.reCAPTCHA.private-key" value="your_secret_key" />

    Save the changes.

  4. Restart the application.
    • For the Windows version, restart the site in IIS.
    • For deb and rpm packages, use the following command: sudo service monoserve restart.
    • For the Docker version, restart the CommunityServer container or execute the following command within the CommunityServer container: systemctl restart monoserve.service.

Adjusting security settings

Once the feature is enabled in the configuration file, the owner or full access admin can adjust the portal settings:

  1. Sign in to your portal.
  2. Click the Settings icon in the upper-right corner to open the Settings section.
  3. Select the Security tab in the left-side panel, then go to the Login Settings subsection.
  4. In the Number of attempts field, set the limit of unsuccessful login attempts by the user.
  5. In the Blocking time (sec) field, set the duration for blocking new login attempts.
  6. In the Check period (sec) field, set the time window for counting unsuccessful login attempts.
  7. Click Save at the bottom of the section to apply the settings.

When the specified limit of unsuccessful login attempts is reached, login attempts originating from the associated IP address are presented with a reCAPTCHA challenge for the configured duration.
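
As an added example (not ONLYOFFICE code), the following Python model shows how the three Login Settings fields interact, assuming failures are counted per IP address in a sliding window. The class and method names are hypothetical and the IP addresses and timings are constructed sample values.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Model of the Login Settings fields (assumed semantics, not portal code)."""

    def __init__(self, attempt_limit, check_period, block_time):
        self.attempt_limit = attempt_limit   # "Number of attempts"
        self.check_period = check_period     # "Check period (sec)"
        self.block_time = block_time         # "Blocking time (sec)"
        self._failures = defaultdict(deque)  # ip -> times of recent failures
        self._challenge_until = {}           # ip -> time the challenge ends

    def record_failure(self, ip, now):
        """Register one unsuccessful login from ip at time now (seconds)."""
        window = self._failures[ip]
        window.append(now)
        # Forget failures that have aged out of the check period.
        while window and now - window[0] >= self.check_period:
            window.popleft()
        if len(window) >= self.attempt_limit:
            self._challenge_until[ip] = now + self.block_time
            window.clear()

    def captcha_required(self, ip, now):
        """True while logins from ip must pass a reCAPTCHA challenge."""
        return now < self._challenge_until.get(ip, 0)


if __name__ == "__main__":
    # Constructed sample: 3 attempts, 60 s check period, 300 s blocking time.
    throttle = LoginThrottle(attempt_limit=3, check_period=60, block_time=300)
    for t in (0, 10, 20):                      # three quick failures, one IP
        throttle.record_failure("203.0.113.5", t)
    for t in (21, 319, 320):
        print(t, throttle.captcha_required("203.0.113.5", t))
    print(throttle.captcha_required("198.51.100.7", 21))  # other IP unaffected
```

In this model, failures spaced further apart than the check period never reach the limit, which is worth weighing when choosing the window.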
