diff --git a/controllers/auth.go b/controllers/auth.go
index 07877448..ea9e180e 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -555,8 +555,11 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with LDAP is not enabled for the application"))
 				return
 			}
+
+			clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
+			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username, clientIp); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
@@ -1222,27 +1225,26 @@ func (c *ApiController) GetQRCode() {
 func (c *ApiController) GetCaptchaStatus() {
 	organization := c.Input().Get("organization")
 	userId := c.Input().Get("userId")
-	user, err := object.GetUserByFields(organization, userId)
+	applicationName := c.Input().Get("application")
+
+	application, err := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	captchaEnabled := false
-	if user != nil {
-		var failedSigninLimit int
-		failedSigninLimit, _, err = object.GetFailedSigninConfigByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user.SigninWrongTimes >= failedSigninLimit {
-			captchaEnabled = true
-		}
+	if application == nil {
+		c.ResponseError("application not found")
+		return
 	}
 
+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	captchaEnabled, err := object.CheckToEnableCaptcha(application, organization, userId, clientIp)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 	c.ResponseOk(captchaEnabled)
+	return
 }
 
 // Callback
diff --git a/object/check.go b/object/check.go
index adedd683..9cb2c5f6 100644
--- a/object/check.go
+++ b/object/check.go
@@ -593,7 +593,7 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 	return ""
 }
 
-func CheckToEnableCaptcha(application *Application, organization, username string) (bool, error) {
+func CheckToEnableCaptcha(application *Application, organization, username string, clientIp string) (bool, error) {
 	if len(application.Providers) == 0 {
 		return false, nil
 	}
@@ -603,6 +603,12 @@ func CheckToEnableCaptcha(application *Application, organization, username strin
 			continue
 		}
 
+		if providerItem.Rule == "Internet-Only" {
+			if util.IsInternetIp(clientIp) {
+				return true, nil
+			}
+		}
+
 		if providerItem.Rule == "Dynamic" {
 			user, err := GetUserByFields(organization, username)
 			if err != nil {
diff --git a/routers/base.go b/routers/base.go
index 82498afc..614eb74a 100644
--- a/routers/base.go
+++ b/routers/base.go
@@ -185,17 +185,3 @@ func removePort(s string) string {
 	}
 	return ipStr
 }
-
-func isHostIntranet(s string) bool {
-	ipStr, _, err := net.SplitHostPort(s)
-	if err != nil {
-		ipStr = s
-	}
-
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		return false
-	}
-
-	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()
-}
diff --git a/routers/cors_filter.go b/routers/cors_filter.go
index 36032da2..0e8f44d5 100644
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@@ -83,7 +83,7 @@ func CorsFilter(ctx *context.Context) {
 			setCorsHeaders(ctx, origin)
 		} else if originHostname == host {
 			setCorsHeaders(ctx, origin)
-		} else if isHostIntranet(host) {
+		} else if util.IsHostIntranet(host) {
 			setCorsHeaders(ctx, origin)
 		} else {
 			ok, err := object.IsOriginAllowed(origin)
diff --git a/util/network.go b/util/network.go
new file mode 100644
index 00000000..03a5f593
--- /dev/null
+++ b/util/network.go
@@ -0,0 +1,47 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"net"
+)
+
+func IsInternetIp(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return !parsedIP.IsPrivate() && !parsedIP.IsLoopback() && !parsedIP.IsMulticast() && !parsedIP.IsUnspecified()
+}
+
+func IsHostIntranet(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return parsedIP.IsPrivate() || parsedIP.IsLoopback() || parsedIP.IsLinkLocalUnicast() || parsedIP.IsLinkLocalMulticast()
+}
diff --git a/web/src/auth/AuthBackend.js b/web/src/auth/AuthBackend.js
index a62a737c..7fe234a6 100644
--- a/web/src/auth/AuthBackend.js
+++ b/web/src/auth/AuthBackend.js
@@ -163,7 +163,7 @@ export function getWechatQRCode(providerId) {
 }
 
 export function getCaptchaStatus(values) {
-  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}`, {
+  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}&application=${values["application"]}`, {
     method: "GET",
     credentials: "include",
     headers: {
diff --git a/web/src/auth/LoginPage.js b/web/src/auth/LoginPage.js
index 23f010af..02962439 100644
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -134,6 +134,8 @@ class LoginPage extends React.Component {
         return CaptchaRule.Always;
       } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
         return CaptchaRule.Dynamic;
+      } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Internet-Only")) {
+        return CaptchaRule.InternetOnly;
       } else {
         return CaptchaRule.Never;
       }
@@ -443,6 +445,9 @@ class LoginPage extends React.Component {
       } else if (captchaRule === CaptchaRule.Dynamic) {
         this.checkCaptchaStatus(values);
         return;
+      } else if (captchaRule === CaptchaRule.InternetOnly) {
+        this.checkCaptchaStatus(values);
+        return;
       }
     }
     this.login(values);
@@ -961,9 +966,23 @@ class LoginPage extends React.Component {
     const captchaProviderItems = this.getCaptchaProviderItems(application);
     const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
     const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
-    const provider = alwaysProviderItems.length > 0
-      ? alwaysProviderItems[0].provider
-      : dynamicProviderItems[0].provider;
+    const internetOnlyProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Internet-Only");
+
+    // Select provider based on the active captcha rule, not fixed priority
+    const captchaRule = this.getCaptchaRule(this.getApplicationObj());
+    let provider = null;
+
+    if (captchaRule === CaptchaRule.Always && alwaysProviderItems.length > 0) {
+      provider = alwaysProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.Dynamic && dynamicProviderItems.length > 0) {
+      provider = dynamicProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.InternetOnly && internetOnlyProviderItems.length > 0) {
+      provider = internetOnlyProviderItems[0].provider;
+    }
+
+    if (!provider) {
+      return null;
+    }
 
     return <CaptchaModal
       owner={provider.owner}
diff --git a/web/src/common/modal/CaptchaModal.js b/web/src/common/modal/CaptchaModal.js
index 5850611f..16dab111 100644
--- a/web/src/common/modal/CaptchaModal.js
+++ b/web/src/common/modal/CaptchaModal.js
@@ -181,4 +181,5 @@ export const CaptchaRule = {
   Always: "Always",
   Never: "Never",
   Dynamic: "Dynamic",
+  InternetOnly: "Internet-Only",
 };
diff --git a/web/src/locales/ar/data.json b/web/src/locales/ar/data.json
index a7a028dd..5dc8eeca 100644
--- a/web/src/locales/ar/data.json
+++ b/web/src/locales/ar/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/cs/data.json b/web/src/locales/cs/data.json
index 8b3ca936..ebf8e4e7 100644
--- a/web/src/locales/cs/data.json
+++ b/web/src/locales/cs/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Přizpůsobit hlavičku vstupní stránky vaší aplikace",
     "Incremental": "Inkrementální",
     "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Kód pozvánky",
     "Left": "Vlevo",
diff --git a/web/src/locales/de/data.json b/web/src/locales/de/data.json
index 32bc6a91..bc51c6a5 100644
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Links",
diff --git a/web/src/locales/en/data.json b/web/src/locales/en/data.json
index c8f1c268..c992fb1b 100644
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/es/data.json b/web/src/locales/es/data.json
index 7549a0af..6e9f05f0 100644
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Izquierda",
diff --git a/web/src/locales/fa/data.json b/web/src/locales/fa/data.json
index d5c16a9c..b60ea892 100644
--- a/web/src/locales/fa/data.json
+++ b/web/src/locales/fa/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "کد head صفحه ورود برنامه خود را سفارشی کنید",
     "Incremental": "افزایشی",
     "Input": "ورودی",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "کد دعوت",
     "Left": "چپ",
diff --git a/web/src/locales/fi/data.json b/web/src/locales/fi/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/fi/data.json
+++ b/web/src/locales/fi/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/fr/data.json b/web/src/locales/fr/data.json
index 973d1f94..2039f35b 100644
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incrémentale",
     "Input": "Saisie",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Code d'invitation",
     "Left": "Gauche",
diff --git a/web/src/locales/he/data.json b/web/src/locales/he/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/he/data.json
+++ b/web/src/locales/he/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/id/data.json b/web/src/locales/id/data.json
index 8338b0b7..9f56badb 100644
--- a/web/src/locales/id/data.json
+++ b/web/src/locales/id/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Kiri",
diff --git a/web/src/locales/it/data.json b/web/src/locales/it/data.json
index be1bbc32..f6ecd4b5 100644
--- a/web/src/locales/it/data.json
+++ b/web/src/locales/it/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/ja/data.json b/web/src/locales/ja/data.json
index 2625e1da..1c15df3e 100644
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "左",
diff --git a/web/src/locales/kk/data.json b/web/src/locales/kk/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/kk/data.json
+++ b/web/src/locales/kk/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/ko/data.json b/web/src/locales/ko/data.json
index 1aaf773e..2247382d 100644
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "왼쪽",
diff --git a/web/src/locales/ms/data.json b/web/src/locales/ms/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/ms/data.json
+++ b/web/src/locales/ms/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/nl/data.json b/web/src/locales/nl/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/nl/data.json
+++ b/web/src/locales/nl/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/pl/data.json b/web/src/locales/pl/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/pl/data.json
+++ b/web/src/locales/pl/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/pt/data.json b/web/src/locales/pt/data.json
index da4ef3e5..608795c6 100644
--- a/web/src/locales/pt/data.json
+++ b/web/src/locales/pt/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Código de convite",
     "Left": "Esquerda",
diff --git a/web/src/locales/ru/data.json b/web/src/locales/ru/data.json
index 63fd28aa..c6146ef4 100644
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Последовательный",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Код приглашения",
     "Left": "Левый",
diff --git a/web/src/locales/sk/data.json b/web/src/locales/sk/data.json
index 78862db9..b49afc80 100644
--- a/web/src/locales/sk/data.json
+++ b/web/src/locales/sk/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Vlastný HTML kód pre hlavičku vašej vstupnej stránky aplikácie",
     "Incremental": "Postupný",
     "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Kód pozvania",
     "Left": "Vľavo",
diff --git a/web/src/locales/sv/data.json b/web/src/locales/sv/data.json
index b5b2b5d9..44191de6 100644
--- a/web/src/locales/sv/data.json
+++ b/web/src/locales/sv/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",
diff --git a/web/src/locales/tr/data.json b/web/src/locales/tr/data.json
index e8b3f766..bf7924ea 100644
--- a/web/src/locales/tr/data.json
+++ b/web/src/locales/tr/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Davet Kodu",
     "Left": "Sol",
diff --git a/web/src/locales/uk/data.json b/web/src/locales/uk/data.json
index 195dca20..4f2584b4 100644
--- a/web/src/locales/uk/data.json
+++ b/web/src/locales/uk/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Налаштуйте тег head на сторінці входу до програми",
     "Incremental": "Інкрементний",
     "Input": "Введення",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Код запрошення",
     "Left": "Ліворуч",
diff --git a/web/src/locales/vi/data.json b/web/src/locales/vi/data.json
index 8b9056ea..0dcce000 100644
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Tăng",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Trái",
diff --git a/web/src/locales/zh/data.json b/web/src/locales/zh/data.json
index 71cb613a..3a97b358 100644
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "自定义应用页面的head标签",
     "Incremental": "递增",
     "Input": "输入",
+    "Internet-Only": "外网启用",
     "Invalid characters in application name": "应用名称内有非法字符",
     "Invitation code": "邀请码",
     "Left": "居左",
diff --git a/web/src/table/ProviderTable.js b/web/src/table/ProviderTable.js
index 0fbef2be..b2d92381 100644
--- a/web/src/table/ProviderTable.js
+++ b/web/src/table/ProviderTable.js
@@ -255,6 +255,7 @@ class ProviderTable extends React.Component {
                 <Option key="None" value="None">{i18next.t("general:None")}</Option>
                 <Option key="Dynamic" value="Dynamic">{i18next.t("application:Dynamic")}</Option>
                 <Option key="Always" value="Always">{i18next.t("application:Always")}</Option>
+                <Option key="Internet-Only" value="Internet-Only">{i18next.t("application:Internet-Only")}</Option>
               </Select>
             );
           } else if (record.provider?.category === "SMS" || record.provider?.category === "Email") {