Disabling CAPTCHA

Disabling CAPTCHA Blocking for Testifly IP Addresses

Overview

To protect your application, you may be using security services such as Cloudflare, Google reCAPTCHA, or AWS WAF. These services sometimes identify automated traffic and respond with CAPTCHA challenges.

Since Testifly accesses your site automatically as part of its testing and monitoring process, CAPTCHA challenges can prevent our service from working correctly.

To ensure uninterrupted operation, you must exclude Testifly’s IP address (132.220.232.112) from CAPTCHA enforcement by allowlisting them in your security provider.

What Needs to Be Configured

In all providers, the solution follows the same principle:

• Identify the security rule that triggers CAPTCHA or bot challenges
• Add Testifly’s IP address 132.220.232.112 to an allowlist
• Ensure allowed IPs bypass CAPTCHA and challenge actions

⚠️ Important CAPTCHA is not disabled globally. Only Testifly’s IPs should be exempted.

Cloudflare

Cloudflare allows you to bypass CAPTCHA and other challenges by explicitly allowing trusted IP addresses.

Option 1: IP Access Rules (Recommended)

IP Access Rules let you allow traffic from specific IP addresses so it bypasses Cloudflare security checks.

Official documentation: https://developers.cloudflare.com/waf/tools/ip-access-rules/

Behavior:

• Traffic from allowed IPs is not challenged by CAPTCHA
• WAF, Browser Integrity Check, and challenge pages are skipped

Option 2: Custom WAF Rules

You can create a custom rule that allows traffic from Testifly IPs before other security rules are evaluated.

Official documentation: https://developers.cloudflare.com/waf/custom-rules/use-cases/allow-traffic-from-ips-in-allowlist/

Google reCAPTCHA Enterprise

If you are using reCAPTCHA Enterprise, you can configure an IP allowlist so requests from trusted IPs do not trigger CAPTCHA verification.

IP Allowlist Configuration

Official documentation: https://cloud.google.com/recaptcha/docs/allowlist-ip

Behavior:

• Requests originating from allowlisted IPs bypass reCAPTCHA enforcement
• Supports individual IPs and CIDR ranges

ℹ️ Note This capability is available in reCAPTCHA Enterprise. Standard reCAPTCHA does not support IP-based exemptions.

AWS WAF

AWS WAF allows CAPTCHA and challenge actions as part of Web ACL rules. To prevent CAPTCHA from blocking Testifly, you must exclude its IPs from the rules that trigger challenges.

How This Works

• CAPTCHA is applied through rule actions
• You can define IP sets and use them in rule logic
• Trusted IPs should be evaluated before CAPTCHA rules

Official documentation:

• CAPTCHA and Challenge actions https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-and-challenge.html
• WAF rules and IP match statements https://docs.aws.amazon.com/waf/latest/developerguide/waf-rules.html

Recommended setup:

1. Create an IP set containing Testifly IP addresses
2. Add a rule that allows traffic from this IP set
3. Place the rule above any CAPTCHA or challenge rules

Other Providers

If you use another firewall, CDN, or bot-management service (e.g., Akamai, Fastly, Imperva), look for one of the following features:

• IP Allowlist / Trusted IPs
• Firewall rules with “Allow” action
• Bot management exclusions
• CAPTCHA exemptions by IP

In most systems, allowing a trusted IP automatically bypasses CAPTCHA challenges.

Security Best Practices

• Only allowlist the IP addresses provided by Testifly
• Avoid allowing large IP ranges unless explicitly instructed
• Review allowlists periodically
• Keep CAPTCHA enabled for all other traffic

Need Help?

If you’re unsure how to configure your provider or want us to validate your setup, please contact our support team [email protected]. We’re happy to assist!

Once Testifly IPs are allowlisted, email us to confirm everything is working correctly.