Security Settings

Security Settings help protect your chatbot from abuse, spam, and unauthorized access. You can restrict where your chatbot appears, limit message frequency, and block specific IPs or countries.

Where can I find Security Settings?

From the main ChatLab administration page, select Chatbots in the main menu, click on the chatbot you want to configure, then select the Security tab in the settings panel.

Security Settings tab

Allowed Domains

This setting restricts where your chatbot widget can be displayed. By default, your chatbot can be embedded on any website.

To limit your chatbot to specific domains:

  1. Enter the domain names in the Allowed Domains field
  2. Separate multiple domains with commas (e.g., example.com, shop.example.com)
  3. Leave empty to allow the chatbot on all domains

Allowed Domains configuration

This is useful when you want to prevent others from embedding your chatbot on unauthorized websites.

Spam Filter

The spam filter automatically detects and blocks spam messages from reaching your chatbot. This helps protect your message credits from abuse by malicious users or bots.

To enable the spam filter:

  1. Toggle the Enable spam filter switch to ON
  2. The filter will automatically analyze incoming messages
  3. Spam messages will be blocked before consuming your credits

Spam Filter toggle

Rate Limits

Rate limits protect your chatbot against abuse by limiting how many messages a single user can send in a given time period. When the limit is exceeded, the chatbot displays a custom message instead of responding.

To configure rate limits:

  1. Toggle Enable rate limits for bot to ON
  2. Set the Message limit (default: 40 messages)
  3. Set the Time window in seconds (default: 150 seconds)
  4. Customize the Rate limit message shown to users when exceeded

Rate Limits configuration

The limit applies per device and per browser window. This means the same user opening multiple browser tabs will have separate limits for each tab.

Default settings:

  • Message limit: 40 messages
  • Time window: 150 seconds (2.5 minutes)
  • Message: "Too many messages in a row"

IP Blacklist

Block specific IP addresses from interacting with your chatbot. This is useful when you identify abusive users or want to prevent access from specific sources.

To add an IP to the blacklist:

  1. Select the IP Blacklist tab
  2. Enter the IP address (IPv4 or IPv6 format supported)
  3. Optionally add a reason for blocking
  4. Click Add

IP Blacklist manager

To remove an IP from the blacklist:

  1. Find the IP in the blocked IPs table
  2. Click the Remove button next to the entry

The table shows:

  • IP Address
  • Reason (if provided)
  • Date Added
  • Remove action

Country Blacklist

Block all traffic from specific countries. This feature is useful when you receive significant spam or abuse from particular regions, or when your service is only available in certain countries.

To block a country:

  1. Select the Country Blacklist tab
  2. Choose a country from the dropdown (278 countries available)
  3. Optionally add a reason for blocking
  4. Click Add

Country Blacklist manager

To unblock a country:

  1. Find the country in the blocked countries table
  2. Click the Remove button next to the entry

Security Violations Log

The Security Violations Log shows a history of security events detected by your chatbot. This read-only log helps you monitor potential threats and verify that your security settings are working correctly.

Security Violations Log

Log columns:

  • Date/Time - When the violation occurred
  • IP Address - The source IP of the violation
  • Country - Country code of the IP (if detected)
  • Rule - Which security rule was triggered
  • Action - What action was taken
  • Duration - How long the block lasts (for temporary blocks)

Action types explained:

Action Description
BLOCKED_TEMPORARY IP temporarily blocked due to rate limiting or suspicious activity
BLOCKED_PERMANENT IP permanently blocked

Click the Refresh button to load the latest security events.