Back to Documentation

Advanced Settings

Fine-tune fraud detection, blocking behavior, and geographic targeting.

IP Whitelist & Blacklist

Overview

IP lists let you manually control which visitors are always allowed or always blocked, regardless of their fraud score.

Whitelist
IPs that bypass all fraud detection rules
Blacklist
IPs that are automatically blocked

Adding IP Addresses

  1. Open Property Settings

    Navigate to your property and click on the "IP Lists" tab.

  2. Choose Whitelist or Blacklist

    Select the appropriate tab for the type of list you want to add to.

  3. Enter IP Address

    Enter a single IP (e.g., 192.168.1.1) or a CIDR range (e.g., 10.0.0.0/24).

  4. Add Note (Optional)

    Add a note to remember why this IP was added (e.g., "Office network").

Bulk Import via CSV

Import multiple IP addresses at once using a CSV file.

# CSV format (one IP per line, optional note):
192.168.1.1, Office IP
10.0.0.0/24, Corporate network
172.16.0.50

Click the "Import CSV" button and select your file. Invalid IPs will be skipped.

Common Use Cases

Whitelist: Your Office Network

Add your office IP range to prevent internal traffic from being flagged.

Whitelist: Known Partners

Allow traffic from trusted partners or affiliates that might otherwise trigger detection rules.

Blacklist: Known Bad Actors

Block IPs that you've identified as fraudulent from your own analysis.

Blacklist: Competitor IPs

Block competitor networks that might be clicking on your ads.

Blocking Mode

Available Modes

Choose how ClickDefender handles visitors who exceed the fraud threshold.

Off (Track Only)

ClickDefender monitors and scores visitors but takes no action. Use this mode to observe fraud patterns before enabling blocking.

Warn

Display a warning banner to suspicious visitors. They can still access your site, but you've indicated you're watching.

Block

Completely block visitors who exceed the fraud threshold. They'll see your custom message or be redirected to another URL.

Block Configuration

When blocking is enabled, you can customize what blocked visitors see:

Custom Block Message

Set a custom message shown to blocked visitors (e.g., "Access denied due to suspicious activity").

Redirect URL

Optionally redirect blocked visitors to another page instead of showing a message. Useful for showing a custom "blocked" page or sending them to your homepage.

Tip: Start with "Track Only" mode to establish a baseline of fraud patterns, then gradually enable "Warn" and eventually "Block" once you're confident in the detection accuracy.

Detection Rules

Available Rules

Each rule can be enabled/disabled and have its score contribution adjusted

Rapid Clicks
Detects unusually fast clicking patterns typical of bots
+25
Low Dwell Time
Flags visitors who click too quickly after page load
+20
Datacenter IP
Identifies traffic from cloud providers and data centers
+30
VPN/Proxy
Detects traffic routed through VPNs or proxy servers
+15
Suspicious Fingerprint
Identifies browser fingerprints that match known bots
+20
Honeypot Click
Catches bots that click on hidden honeypot elements
+100
Geo Mismatch
Flags when timezone doesn't match IP location
+25
Behavioral Anomaly
Detects unusual scrolling and mouse patterns
+15

Tuning Rules

Each rule can be customized in your property settings:

  • Enable/Disable: Turn rules on or off based on your traffic patterns. For example, disable VPN detection if you expect legitimate VPN traffic.
  • Adjust Score: Increase or decrease the score contribution (5-100). Higher scores make that rule more impactful on the final fraud score.

Pro tip: If you're seeing too many false positives from a specific rule, reduce its score rather than disabling it entirely. This way you still get the signal without it dominating the decision.

Score Thresholds

Understanding Thresholds

ClickDefender uses two thresholds to classify visitors:

Suspicious Threshold
40

Visitors at or above this score are flagged as suspicious. They may see warnings or be challenged (if warn mode is enabled).

Fraud Threshold
70

Visitors at or above this score are classified as fraud. They will be blocked (if block mode is enabled).

Adjusting Thresholds

Fine-tune thresholds based on your risk tolerance:

Lower Thresholds (More Aggressive)

Catches more fraud but may increase false positives. Good for high-value campaigns where every fraudulent click is expensive.

Higher Thresholds (Less Aggressive)

Reduces false positives but may let some fraud through. Good when you want to be absolutely certain before blocking.

Important: The suspicious threshold must always be lower than the fraud threshold. Leave at least a 5-point gap between them.

Geographic Targeting

Country-Based Filtering

Control which countries can access your protected pages.

Allow List Mode

Only allow traffic from specified countries. All other countries are blocked.

Block List Mode

Block traffic from specified countries. All other countries are allowed.

Configuration

Enter ISO 3166-1 alpha-2 country codes, separated by commas:

US, GB, CA, AU, DE

Common country codes:

US - United States
GB - United Kingdom
CA - Canada
AU - Australia
DE - Germany
FR - France
JP - Japan
IN - India

Tip: If your Google Ads campaign only targets the US and UK, use Allow List mode with "US, GB" to block all other countries.

Blocklist Export

Export Blocked IPs

Export your blocklist for manual import into ad platforms or other systems.

  1. Navigate to your property dashboard
  2. Go to the "Visitors" tab
  3. Click "Export Blocklist"
  4. Choose your format (CSV or TXT)

Export Formats

CSV Format
ip,score,detected_at,reasons
192.168.1.100,85,2024-01-05T14:30:00Z,"datacenter_ip,rapid_clicks"
10.0.0.50,72,2024-01-05T12:15:00Z,"vpn_detected,honeypot"
Plain Text (for Google Ads)
192.168.1.100
10.0.0.50
172.16.0.25

API Export

Programmatically fetch your blocklist via API:

GET /api/clickdefender/property/{propertyId}/blocklist

Headers:
  Authorization: Bearer YOUR_API_KEY

Query Parameters:
  format: "json" | "csv" | "txt" (default: json)
  minScore: number (default: 70)
  limit: number (default: 500, max: 1000)

Automation tip: Use the API to automatically sync your blocklist to systems that don't have native integrations. Set up a cron job to fetch and update your lists periodically.

Need Help?

Questions about advanced settings? We're here to help.