Released: December 2, 2025
A new Access Rules feature has been added to give administrators enhanced control over who can submit applications and forms, register for events, book appointments and other activities that create or update contacts. You can now block or allow access based on IP addresses, IP ranges, email domains, or IP-based country locations.
Whitelisting is especially useful in high-traffic, shared-device environments—such as admissions office kiosks—where many users submit from the same computer. By whitelisting the IP address, you can bypass fraud detection, rate limits, and reCAPTCHA, allowing uninterrupted access for legitimate use.
Access Rules can be configured in your profile under: Profile Picture > General > Access Rules.
Rule types include:
Email Domain: Blocklist only (e.g., prevent submissions from free email services)
IP Address: Option to block or whitelist individual IPs
IP Range: Option to block or whitelist a range of IPs
Country: Blocklist only, based on IP geolocation
Whitelisting IP addresses:
Bypasses all limits, including fraud detection and reCAPTCHA
Removes rate limiting for app and event registrations
Overrides block settings (whitelisted IPs will still be allowed, even if other rules block similar submissions)
Block action behavior:
Blocks submission of applications, forms, events, and appointments
Displays user-friendly error messages:
Email domain blocked: “You are not permitted to submit using this email domain.”
IP/Country blocked: “You are not permitted to submit from this IP address.”
Priority handling: If both block and whitelist rules exist for the same criteria, the block action takes precedence to ensure secure enforcement.
This update improves control, security, and reliability across your public-facing resources. Whether you’re preventing spam from certain locations or ensuring high-volume submission environments (like shared admissions computers) aren’t blocked or throttled, Access Rules help you manage access without disrupting legitimate users.
