captcha_charset
The `captcha_charset` directive defines the set of characters used to generate captcha text within NGINX.
Description
The captcha_charset directive in the NGINX Captcha Module specifies the characters that are allowed to be used in the generation of captcha text. By default, it includes a mix of lowercase letters (excluding some similar characters), uppercase letters, and numbers, making the captcha relatively easy for humans to read, while challenging for automated bots. Developers can customize this set of characters to fit their application's needs, potentially increasing the complexity of the captcha challenge and enhancing security against automated submissions.
This directive can be set in various contexts, such as http, server, and location, allowing for flexible configuration depending on the scope of the application. When the captcha image is generated, a random series of characters from the defined charset is selected based on the specified captcha_length. It's important to define a charset that is balanced; having only complex characters or too few characters can impact usability. The captcha_charset directive does not have a default value that restricts its use, so you must define it explicitly in your NGINX configuration file to customize the captcha character set effectively.
Config Example
location =/captcha {
captcha;
captcha_charset "abcde12345";
}Ensure that the charset contains enough diversity to prevent easily guessable captchas, but also be mindful of user readability.
If the charset is too complex or contains unusual characters, it may frustrate users who are attempting to solve the captcha.