
Security Settings

Security Settings help protect your form from spam, bots, and unauthorized access. Configure IP blocking, honeypot fields, and website restrictions to enhance your form's security.

Accessing Security Settings

Navigate to any form, click "Settings" in the navigation menu, then select "Security". You'll see security options organized in cards.

Security settings require appropriate permissions. Contact the form owner if you don't see these options.

Website Restrictions

Control which websites can submit to your form:

  • Allowed Domains: Specify domains that are permitted to submit
  • Format: Enter domains separated by commas (e.g., example.com, www.example.com)

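Website restrictions check the Origin header of submissions. This helps prevent unauthorized sites from submitting to your form. The Origin header is set by the visitor's browser, so the check applies to submissions made from web pages; a client that is not a browser can send any Origin value, which is why this setting works best alongside the other security layers.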

Use website restrictions when you want to ensure only your website can submit to the form. Leave empty to allow submissions from any origin.

IP Blocking Rules

Block specific IP addresses from submitting to your form:

  • Blocked IPs: Enter IP addresses or IP ranges to block
  • Format: One IP per line or comma-separated (e.g., 192.168.1.1 or 192.168.1.0/24)

You can also block IPs directly from the Submissions page by clicking "Block IP" on any submission.

Be careful when blocking IP ranges, as this may block legitimate users. Consider blocking individual IPs first.

Adding IPs to Block List

Identify the IP Address

View a spam submission's details to find the IP address in the metadata section.

Add to Block List

Go to Security Settings and add the IP address to the IP Blocking Rules field. You can add multiple IPs separated by commas or new lines.

Verify Blocking

Test by attempting a submission from the blocked IP. It should be rejected immediately.

Honeypot Field

Configure a honeypot field to catch automated bots:

  • Field Name: The name attribute for your hidden honeypot field
  • Default: _trap (you can customize this)

Honeypot fields are invisible to users but visible to bots. When a bot fills out the honeypot field, the submission is automatically rejected.

How Honeypot Works

  1. Add Hidden Field: Include a hidden input field in your form with the configured name
  2. Bot Detection: Bots often fill out all fields, including hidden ones
  3. Automatic Rejection: Submissions with the honeypot field filled are rejected

Example Implementation

Add this to your HTML form:

<!-- Honeypot field (hidden from users) -->
<input type="hidden" name="_trap" />

The honeypot field name can be customized in Security Settings. Use a name that looks legitimate to bots but won't conflict with your actual form fields.

Security Best Practices

  1. Enable Spam Protection: Use AI-powered spam detection in General Settings
  2. Use Honeypot: Add honeypot fields to catch basic bots
  3. Block Persistent IPs: Block IPs that repeatedly send spam
  4. Restrict Websites: Limit submissions to your authorized domains
  5. Monitor Submissions: Regularly review spam submissions to identify patterns

Security is most effective when using multiple layers. Combine spam protection, honeypot, IP blocking, and website restrictions for best results.

Understanding Security Layers

Basestack Forms provides multiple security layers:

  1. AI Spam Detection: Automatically identifies spam submissions
  2. Honeypot: Catches bots that fill out hidden fields
  3. IP Blocking: Prevents specific IPs from submitting
  4. Website Restrictions: Limits submissions to authorized domains

Each security layer catches different types of threats. Using all layers together provides the strongest protection.
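
To show how the three configurable layers fit together, here is an added illustration (not Basestack's own code) that parses the settings formats described above and evaluates a submission against them. The function names, the exact-host comparison for allowed domains, and the order of the checks are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def parse_list(raw):
    """Split a settings field on commas or newlines, dropping blanks."""
    return [item.strip() for item in re.split(r"[,\n]", raw) if item.strip()]

def parse_blocked(raw):
    """Turn single IPs and CIDR ranges into network objects (a single IP becomes a /32)."""
    return [ipaddress.ip_network(entry, strict=False) for entry in parse_list(raw)]

def origin_allowed(origin, allowed_domains):
    """An empty allow-list permits any origin; otherwise require an exact host match."""
    if not allowed_domains:
        return True
    host = urlsplit(origin or "").hostname
    return host is not None and host.lower() in {d.lower() for d in allowed_domains}

def check_submission(client_ip, origin, fields, *, allowed, blocked, honeypot="_trap"):
    """Return (accepted, reason) after running the three configurable layers."""
    if not origin_allowed(origin, allowed):
        return False, "origin not allowed"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in blocked):
        return False, "ip blocked"
    # A real visitor never sees the honeypot, so any non-empty value signals a bot.
    if str(fields.get(honeypot, "")).strip():
        return False, "honeypot filled"
    return True, "ok"

def blocked_address_count(blocked):
    """Total addresses covered by the block list; shows how far a range reaches."""
    return sum(net.num_addresses for net in blocked)

# Constructed sample settings, written in the formats the settings page accepts.
ALLOWED = parse_list("example.com, www.example.com")
BLOCKED = parse_blocked("203.0.113.7\n198.51.100.0/24")

if __name__ == "__main__":
    form = {"email": "user@example.com", "_trap": ""}
    print(check_submission("192.0.2.10", "https://www.example.com", form,
                           allowed=ALLOWED, blocked=BLOCKED))
    print("addresses blocked:", blocked_address_count(BLOCKED))
```

The address count makes the range caution concrete: one /24 entry blocks 256 addresses, while a single IP entry blocks exactly one.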

Troubleshooting

Legitimate Submissions Being Blocked

If legitimate users are being blocked:

  1. Check IP Blocking: Review your blocked IP list
  2. Verify Website Restrictions: Ensure your domain is in the allowed list
  3. Review Spam Detection: Check if submissions are being incorrectly flagged as spam

Too Much Spam Getting Through

If spam is still getting through:

  1. Enable All Security Layers: Use spam protection, honeypot, and IP blocking together
  2. Block Persistent IPs: Identify and block IPs that send spam
  3. Review Patterns: Look for patterns in spam submissions to identify new threats
