Form & Web Widget Security


We monitor requests made to web widgets and forms to try and 

  • Identify and block suspicious requests
  • Block automated form submissions - i.e. submissions from spambots


Identify and Blocking Suspicious Requests

If the pattern of requests from a particular source* looks suspicious Donorfy will initially restrict the number of requests responded to - if Donorfy continues to receive suspicious requests all requests from that source will be blocked and email users in your Donorfy who are subscribed to the suspicious requests notfications (see here: User Profile) to tell them this has happened. 

You can then decide whether to keep the block in place or allow requests from that source - see 'Allowing and Blocking Requests' below.

* Donorfy uses IP addresses to track the source of requests, IP addresses are numbers allocated to computers using the internet - similar to how a postal address identifies a house or building, an IP address identifies a computer.


Blocking Automated Form Submissions

When the form is submitted Donorfy uses various checks to determine whether the form appears to have been submitted by a real person rather than a spambot. If the form appears to have been submitted by a spambot Donorfy will mark it as spam and it will not be processed.


Allowing and Blocking Requests

Request rules can be set up from within:

Forms > Security 


Online Donations > Security

mceclip1.png mceclip2.png

The rules are a list of allowed or blocked IP addresses. This list is shared by Forms and Web Widgets so it can be managed in both places. These rules are applied whenever a Web Widget or Form is requested. 

Existing request rules are shown in a list - you can update or delete these rules as required.

If a blocking rule was added automatically then information about when it was added and where the requests appear to originate from will be shown - this allows you to decide whether you want to keep the rule or delete the rule.


To add a new Request Rule, click on Add Request Rule button


  • Enter a description for the rule
  • Enter the range of IP addresses the rule applies to - if you only want the rule to apply to one IP address then enter that value in both the From and To IP address
  • Indicate whether requests received from the IP addresses in the range should be allowed or blocked
  • Save the changes

Note - the IP addresses added should be the Public IP address - if you need to locate your Public IP address, then you can search via your web browser "What is my IP" 

IP address range to be blocked, please ensure that the lower IP number is in the 'From IP Address' box and the higher IP number is in the To IP Address box.






To delete a rule or rules, click the Delete button.


Please sign in to leave a comment.
Powered by Zendesk