Security Policy
Fine-tune how SilentShield protects your forms with IP filters, rate limits, and challenge modes.
In your dashboard, go to API Keys → select a key → Security tab.
Security Options
| Option | Description |
|---|---|
IP Whitelist | Only allow requests from these IPs or CIDR ranges (e.g., 192.168.1.0/24) |
IP Blacklist | Block requests from these IPs or CIDR ranges |
Country Block | Block requests from specific countries by ISO code (e.g., CN, RU) |
Bot Threshold | Score below this value is considered a bot (default: 0.3, range: 0.0–1.0) |
Challenge Mode | 'always' = CAPTCHA on every request, 'suspicious' = only on suspicious behavior (default), 'never' = monitor only |
Rate Limit per IP | Maximum requests per IP per minute (default: 100) |
Allowed Referers | Additional domains allowed to send requests |
Escalation Levels
SilentShield uses a 5-level escalation system based on the behavior score:
| Score Range | Level | Action |
|---|---|---|
| 0.85 – 1.0 | Pass | No challenge — user is clearly human |
| 0.7 – 0.85 | Easy | Invisible Proof-of-Work challenge (~100ms) |
| 0.5 – 0.7 | Medium | Proof-of-Work with higher difficulty (~200ms) |
| 0.3 – 0.5 | Hard | Proof-of-Work + visible Math CAPTCHA fallback |
| 0.0 – 0.3 | Block | Request is rejected (HTTP 403) |