1 year ago

#184237


Compaq LE2202x

Server side validation fails for Google Recaptcha V2

We are getting 504 Gateway Time-out in the Google Recaptcha after submitting the form in our Web Portal.

So far when we curl in the App Server:

curl -X POST -H "Content-Type: application/json" \
  -d '{"secret": "abc123", "response": "def456"}' \
  https://www.google.com/recaptcha/api/siteverify

we get a timeout-or-duplicate error.

Background:

We are using Google Recaptcha V2 to prevent bots in our page since we don't have user authentication and the page is open to the public.

The page that has the Google Recaptcha is in one of the pages of our Web Portal which is created using ReactJS. This Web Portal is hosted in our Web Server. This web server serves as the reverse proxy and communicates to the APIs that are hosted in the App Server. The App Server doesn't have internet access.

Our Google Recaptcha uses server-side validation: once the user answers the form, completes the Google Recaptcha, and submits, the Web Portal sends the response key to the backend via the API. The backend then validates this by sending an API request to Google.

We already whitelisted the Google IP address in the app server level so it is able to connect to Google as stated here:

  1. https://code.google.com/archive/p/recaptcha/wikis/FirewallsAndRecaptcha.wiki
  2. https://chronicler.tech/firewall-considerations-for-google-recaptcha/

This is the backend snippet:

public boolean verifyCaptcha(String responseCaptcha) throws  IllegalAccessException, BaseServiceException, JsonParseException, JsonMappingException, IOException, Exception {
  String secretGoogle = baseServiceCommonPropertiesBean.getRecaptchaKey();
  
  logger.info(" Entering verifyCaptcha method  of DeclarationServiceImpl class.");
  if (responseCaptcha == null || "".equals(responseCaptcha)) {
    return false;
  }
  
  // Build the form body and URL-encode both values (needs import java.net.URLEncoder).
  String googleUrl = "https://www.google.com/recaptcha/api/siteverify";
  String postParams = "secret=" + URLEncoder.encode(secretGoogle, "UTF-8")
      + "&response=" + URLEncoder.encode(responseCaptcha, "UTF-8");
  
  try{
    // sun.net.www.protocol.https.Handler is an internal JDK class and is not portable across JDKs.
    URL url = new URL(null, googleUrl, new sun.net.www.protocol.https.Handler());
    HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
    /*URL obj = new URL(googleUrl);
      HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();*/
    // add request header
    con.setRequestMethod("POST");
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    con.setRequestProperty("User-Agent", "Mozilla/5.0");

    // Send post request with the secret and token in the body, not in the URL
    con.setDoOutput(true);
    DataOutputStream wr = new DataOutputStream(con.getOutputStream());
    wr.writeBytes(postParams);
    wr.flush();
    wr.close();

    int responseCode = con.getResponseCode();
    logger.info("Response Code "+responseCode);
    // Log the endpoint only; the secret must never be written to the logs
    logger.info("Post URL : " + googleUrl);
    
    BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
    String inputLine;
    StringBuffer response = new StringBuffer();

    while ((inputLine = in.readLine()) != null) {
      response.append(inputLine);
    }
    in.close();

    //parse JSON response and return 'success' value
    String responseBody = response.toString();
    logger.info("Result response from google : "+responseBody);

    if (responseBody == null || responseBody.isEmpty()) {
      logger.info("Response body is empty");
      return false;
    }
    
    JSONObject jsonObject = new JSONObject(responseBody);
    boolean result = jsonObject.getBoolean("success");
    logger.info("Result from google : "+result);

    // Reuse the value already parsed above
    return result;
  }catch(Exception e){
    logger.error("Error at verifyCaptcha method  of DeclarationServiceImpl class and error is :"+e);
    return false;
  }
}

I'm using react-google-recaptcha for the Web Portal ReactJS in the frontend.

Tags: java, reactjs, recaptcha, whitelist, react-google-recaptcha
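
An added example, not part of the original question or the asker's code: a server-side siteverify call with explicit connect and request timeouts, so an unreachable endpoint is reported as its own outcome within seconds instead of holding the request open behind the reverse proxy. It assumes Java 11+; the class name, the Outcome enum, the timeout values and the sample response bodies are constructed for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RecaptchaCheck {  // hypothetical class name
    enum Outcome { PASSED, REJECTED, UNREACHABLE }
    static final Pattern SUCCESS = Pattern.compile("\"success\"\\s*:\\s*(true|false)");

    // Classify a siteverify body; a regex stands in for a JSON parser to avoid dependencies.
    static Outcome classify(String body) {
        Matcher m = SUCCESS.matcher(body == null ? "" : body);
        if (!m.find()) return Outcome.UNREACHABLE;   // not a siteverify answer (e.g. proxy error page)
        return "true".equals(m.group(1)) ? Outcome.PASSED : Outcome.REJECTED;
    }

    static Outcome verify(String secret, String token) {
        // Secret and token travel in the form body, so they never land in URL or access logs.
        String form = "secret=" + URLEncoder.encode(secret, StandardCharsets.UTF_8)
                + "&response=" + URLEncoder.encode(token, StandardCharsets.UTF_8);
        HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(3)).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://www.google.com/recaptcha/api/siteverify"))
                .timeout(Duration.ofSeconds(5))   // assumed budget, below the reverse proxy's own timeout
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        try {
            HttpResponse<String> res = client.send(req, HttpResponse.BodyHandlers.ofString());
            return res.statusCode() == 200 ? classify(res.body()) : Outcome.UNREACHABLE;
        } catch (IOException e) {             // connect and read timeouts are IOExceptions
            return Outcome.UNREACHABLE;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Outcome.UNREACHABLE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample bodies; no network call is made here.
        System.out.println(classify("{\"success\": true, \"hostname\": \"portal.example\"}"));
        System.out.println(classify("{\"success\": false, \"error-codes\": [\"timeout-or-duplicate\"]}"));
        System.out.println(classify("<html>504 Gateway Time-out</html>"));
    }
}
```

Only PASSED should let the form through; returning UNREACHABLE separately lets the API answer with a service error rather than treating a network failure as a failed captcha.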

0 Answers
