restricting outbound traffic for recaptcha use

Hi, We are currently using a web application which uses google's recaptcha module and due to our internal security SLA we need to restrict the network traffic to the maximum. What, we've done so far and works is - restrict inbound traffic to HTTPS - restrict outbound traffic from the WEB server to ANY on the web on HTTPS only Like this our web site is accessible and we can use google recaptcha for the non robot validation. This outbound rule is used in order to allow google recpatcha working. In the past we were setting an outbound rule on the firewall from our webserver to a list of IP addresses which was also working until google shuffles the IP addresses that resolve www.google.com As setting the outbound rule from IP server to ANY is not compliant with our internal security rules. We would like to use a proxy in order to be able to manage the outbound rule using the dns alias www.google.com instead of using IPs or ANY. I have read articles on the forum that partially answer my questions but they re quite old and not all very clear... My questions are the following: - What are the network flows of the recaptcha module for the outbound traffic ? According to our network traces it does not query google each time someone uses recaptcha but it loosk like that recaptcha is using some kind of token that expires regularly. - Can we use a proxy (SQUID proxy or other) in order to manage outbound traffic for google recaptcha ? Thank you for your help. Regards, Philippe S. -- You received this message because you are subscribed to the Google Groups "reCAPTCHA" group. To unsubscribe from this group and stop receiving emails from it, send an email to recaptcha+unsubscribe@googlegroups.com. To post to this group, send email to recaptcha@googlegroups.com. Visit this group at http://bit.ly/1dkFnYd. For more options, visit http://bit.ly/P65DvS.