Interaction of Registration Whitelist and Blacklist

Discourse provides for registration whitelists and blacklists, but the interaction of these could be improved.


  • if only a whitelist is provided then only registrants from those domains will be accepted. All others will receive a rejection.
  • if only a blacklist is provided, then all registrations will be accepted unless registrant is from one of the blacklisted domains
  • if both blacklist and whitelists are provided then only the ‘whitelist rule’ applies and the blacklist is not operative.

I would like to see what I imagine to be a simple tweak to the code by which the whitelist and blacklist rules are applied in sequence, thereby providing a residual third group of ‘grey’ registrants (i.e. not on either whitelist or blacklist) who could be subject to different treatment such as manual review for acceptance/rejection.

This would have been highly valuable in my use case of known good domains (unique to my community), known bad domains (generally common with other communities) and then a small residual of registrants that are probably good but require further analysis.

So you’re asking that the whitelist bypasses account approval when using must approve users to cater for the grey?

1 Like


white go directly through. the remainder go for approval unless they are covered by the blacklist in which case they should be rejected.

Note that if you have 35,000 entries (per your previous replies?) in the list, none of this is going to work anyway.

1 Like

OK. Limit to whitelist size? The 35,000 is the number of organisations who would be candidates for membership in our community. The intention was to allow members from those organisations to register without further qualification/approval.

It might be wise to consider some form of IdM to handle SSO and do this for you. Once you get to that scale it’s almost always worth spinning identity and sign-in out.


we will go the whitelist only track. what is the recommended limit on the number of domains that we can include? would this vary if we were under a different hosting plan?

also, we would like to change the ‘error’ message when someone tries to register with a non-whitelist domain; is this configurable?