Prosopo Logo

Access Control

Access Control is a powerful tool that allows you to create and manage rules for controlling access to your website. By defining specific criteria, you can ensure that only legitimate users can interact with your content, while blocking unwanted bot traffic and spam.

Prosopo Access rules can be configured manually to block traffic based on a variety of criteria, such as IP, geo-location, browser, device, TLS-fingerprint and more. Rules can also be created dynamically to ensure that evolving threats are kept at bay.

Request a Demo →
Access Control

Why Access Controls are the ideal choice

Access Controls allow you to dynamically block bots by automatically creating rules based on user behavior.

No personal data collection

Unlike traditional bot protection services, our system collects and stores the least amount of personal data, protecting user privacy.

Enhanced security and user experience

Prevent bots and spam without compromising user trust. Access rules restrict unwanted traffic, ensuring your server resources are available for genuine users.

Easy integration

Enjoy a simple implementation process for websites of all sizes. It's designed to work seamlessly with various platforms through the use of a single line of JavaScript - no DNS changes required.

The benefits of choosing Prosopo Access Control

Customizable rules

Create tailored rules to meet your specific security needs based around IP Address, Geo-location, User-Agent, Device, JA4 Fingerprints, Header Hashes, and more.

Real-time protection

Protect your website from bots and spam in real-time with dynamically changing rules.

User-friendly interface

Easily manage and update custom access rules with a simple interface.

AI-driven insights

Turbo-charge your protection by enabling AI-assisted rule generation and implementation, reducing your security team's burden.

GDPR compliance

Our privacy policy complies with the law and guidelines of GDPR.

How Prosopo Access Control works

An access rule combines one or more conditions with a policy. When a verification request matches every condition in a rule, the policy is applied instead of your site's default challenge. Rules are evaluated by specificity — a more precisely targeted rule always wins over a broader one — so you can layer broad defaults with surgical overrides.

Each rule has an expiry, which makes Access Control just as useful for short, sharp responses to live attacks as it is for long-running policy.

What you can match on

Conditions describe who the rule applies to. You can mix and match any of the fields below in a single rule.

FieldWhat it matchesExample use
IP addressA single IPv4 addressBlock a specific abuser
IP range (CIDR)A subnet such as 192.168.1.0/24Restrict a VPN gateway or corporate network
ASNAn Autonomous System Number, i.e. a hosting provider, ISP or VPN networkThrottle traffic from a noisy cloud host without listing every IP it owns
CountryStandard two-letter country codeApply tighter rules to regions seeing high abuse
User AgentThe browser or client string sent by the requestBlock headless browsers and scripted clients
JA4 fingerprintA TLS-level fingerprint of the clientCatch automation tooling that varies its User Agent but not its TLS stack
User IDAn identifier you pass through your integrationApply per-user policies for known accounts

What you can do when a rule matches

When a rule matches, you choose how to respond:

  • Block — fail the verification outright. Use this for known-bad sources.
  • Require an image challenge — present an image CAPTCHA with a configurable number of rounds. Useful for suspicious-but-not-confirmed traffic.
  • Require Proof of Work — issue a computational challenge at a difficulty you choose. Slows automation down without asking the user to click anything.

Built for incident response and long-term policy

Because every rule carries an expiry, Access Control fits two very different jobs:

  • Live incident response. When an attack starts, drop in a short-lived rule (minutes or hours) targeting the offending IP range, ASN or fingerprint. The rule lapses on its own once the wave is over — no cleanup, no risk of forgotten overrides.
  • Standing policy. Long-running rules let you encode business decisions: stricter checks for high-risk regions, custom challenges for partner networks, allow-by-default for trusted user IDs.

How Prosopo Access Control compares

Prosopo Access ControlTraditional WAF rulesreCAPTCHA / hCaptcha
Block by ASN / hosting networkLimited
Block by TLS (JA4) fingerprintRarely
Per-rule custom challenge (image rounds, PoW difficulty)
Rule expiry built inManual cleanupN/A
GDPR-compliant data handlingVaries
No DNS changes requiredDNS-routed

Common use cases

Configuration reference

Detailed field formats, policy options and rule-matching behaviour are documented in the Access Control Rules reference.

Request a Demo of Prosopo Access Control

Access Control is part of our Enterprise product. Please contact our sales team who will be happy to provide you with a quote.

Tell us about your bot problem

We'll get back to you straight away

By submitting this form, you agree to our Privacy Policy and Terms of Service

Trusted by companies of all sizes

1000+
active websites
1B+
monthly secure verifications
100M+
bots stopped per month
Request a Demo →

Our customers love us

Hundreds of businesses have made the switch from reCAPTCHA and hCaptcha to us. Here's what they have to say.

T
Theo
Prosopo's CAPTCHA widget
I've installed Prosopo's CAPTCHA widget on my website to filter out spam from my contact form. Getting it working was a little bit tricky but the support from Chris has been first class.
I wanted to use a CAPTCHA which was as easy as possible for my website's visitors while respecting their privacy and which didn't use cookies. Prosopo's CAPTCHA meets all these criteria.
Update - after more than a week I haven't had a single spam form submission.
31 Mar 2025
N
Nathan G
Effortless Integration and Outstanding Support with Procaptcha
I use Procaptcha with React. Procaptcha has been very easy to implement as they maintain a wrapper component that can be easily pulled from NPM. They have incredible customer service and are happy to answer any questions I have or help their community with their product. The component itself is flexible, allows styling with inline CSS, and even allows for theming. The puzzle is also not too difficult to solve and is a great middle ground as far as Captchas go. I originally came from using Cloudflare Turnstile and hCaptcha and have enjoyed my experience with Procaptcha significantly more.
11 Aug 2025
D
Damjan
Amazing experience
Switching to Prosopo's Procaptcha was a massive improvement over other solutions we've previously tried which include hCaptcha and reCaptcha.

We managed to greatly reduce the friction and churn rate of our users
29 Apr 2025
Request a Demo →

Frequently Asked Questions

What is Access Control?

Access Controls are customizable rules that help you control access to your website. They allow you to define specific criteria for granting or denying access, ensuring that only legitimate users can interact with your content.

How does Access Control work?

Access Control works by evaluating user behavior and interactions against predefined criteria. If a user's actions match the criteria for blocking, they will be denied access, while legitimate users will be allowed through.

Can I customize the Access Rules?

Yes, you can customize the Access Rules based on your specific needs and business requirements. This flexibility allows you to tailor the rules to align with your security policies.

Register now →

What else can Prosopo protect for you?

No matter the threat, we have a solution to keep your business safe.
PRODUCT
Access Control
Prosopo's Access Control dynamically generates rules to protect your website from bots and spam.
Learn more
Access Control
PRODUCT
API Protection
Stop automated abuse of your API endpoints with Prosopo's bot-aware verification and access control.
Learn more
API Protection
PRODUCT
Procaptcha - GDPR Compliant CAPTCHA
With Prosopo's GDPR friendly captcha, enjoy seamless website security. Protect users, prevent bots, and stay compliant - all while keeping it simple.
Learn more
Procaptcha - GDPR Compliant CAPTCHA
PRODUCT
Invisible CAPTCHA
Prosopo's Invisible CAPTCHA provides seamless bot protection without disrupting the user experience.
Learn more
Invisible CAPTCHA
PRODUCT
Risk Scoring
Prosopo's Risk Scoring provides real-time analysis of user behavior to identify potential threats.
Learn more
Risk Scoring
PRODUCT
Spam Filter
Prosopo's Spam Filter blocks fake signups, throwaway emails, and abusive networks before they reach your forms.
Learn more
Spam Filter