# Filters
Filters let you block or flag content based on specific words, domains, emails, or regex patterns. To use filters in moderation, you first **create a blocklist**, then **attach it to a moderation policy**.
## Create a Blocklist
Create a custom blocklist with a name, type, and list of entries.
```js
// Create a word blocklist
await client.createBlockList({
name: "profanity_custom",
words: ["badword1", "badword2", "offensive"],
type: "word",
});
// Create a domain blocklist
await client.createBlockList({
name: "blocked_domains",
words: ["spam-site.com", "phishing.net"],
type: "domain",
});
// Create a regex filter
await client.createBlockList({
name: "phone_numbers",
words: ["\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b"],
type: "regex",
});
// Create a domain allowlist (only these domains are permitted)
await client.createBlockList({
name: "trusted_domains",
words: ["myapp.com", "getstream.io"],
type: "domain_allowlist",
});
// Create an email allowlist
await client.createBlockList({
name: "approved_emails",
words: ["support@myapp.com", "info@myapp.com"],
type: "email_allowlist",
});
```
```python
# Create a word blocklist
client.create_block_list(
name="profanity_custom",
words=["badword1", "badword2", "offensive"],
type="word",
)
# Create a domain blocklist
client.create_block_list(
name="blocked_domains",
words=["spam-site.com", "phishing.net"],
type="domain",
)
# Create a regex filter
client.create_block_list(
name="phone_numbers",
words=["\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b"],
type="regex",
)
# Create a domain allowlist (only these domains are permitted)
client.create_block_list(
name="trusted_domains",
words=["myapp.com", "getstream.io"],
type="domain_allowlist",
)
# Create an email allowlist
client.create_block_list(
name="approved_emails",
words=["support@myapp.com", "info@myapp.com"],
type="email_allowlist",
)
```
```go
// Create a word blocklist
client.CreateBlockList(ctx, &getstream.CreateBlockListRequest{
Name: "profanity_custom",
Words: []string{"badword1", "badword2", "offensive"},
Type: getstream.PtrTo("word"),
})
// Create a domain blocklist
client.CreateBlockList(ctx, &getstream.CreateBlockListRequest{
Name: "blocked_domains",
Words: []string{"spam-site.com", "phishing.net"},
Type: getstream.PtrTo("domain"),
})
// Create a regex filter
client.CreateBlockList(ctx, &getstream.CreateBlockListRequest{
Name: "phone_numbers",
Words: []string{`\b\d{3}[-.]?\d{3}[-.]?\d{4}\b`},
Type: getstream.PtrTo("regex"),
})
// Create a domain allowlist (only these domains are permitted)
client.CreateBlockList(ctx, &getstream.CreateBlockListRequest{
Name: "trusted_domains",
Words: []string{"myapp.com", "getstream.io"},
Type: getstream.PtrTo("domain_allowlist"),
})
// Create an email allowlist
client.CreateBlockList(ctx, &getstream.CreateBlockListRequest{
Name: "approved_emails",
Words: []string{"support@myapp.com", "info@myapp.com"},
Type: getstream.PtrTo("email_allowlist"),
})
```
```java
// Create a word blocklist
client.createBlockList(CreateBlockListRequest.builder()
.name("profanity_custom")
.words(List.of("badword1", "badword2", "offensive"))
.type("word")
.build()).execute();
// Create a domain blocklist
client.createBlockList(CreateBlockListRequest.builder()
.name("blocked_domains")
.words(List.of("spam-site.com", "phishing.net"))
.type("domain")
.build()).execute();
// Create a regex filter
client.createBlockList(CreateBlockListRequest.builder()
.name("phone_numbers")
.words(List.of("\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b"))
.type("regex")
.build()).execute();
// Create a domain allowlist (only these domains are permitted)
client.createBlockList(CreateBlockListRequest.builder()
.name("trusted_domains")
.words(List.of("myapp.com", "getstream.io"))
.type("domain_allowlist")
.build()).execute();
// Create an email allowlist
client.createBlockList(CreateBlockListRequest.builder()
.name("approved_emails")
.words(List.of("support@myapp.com", "info@myapp.com"))
.type("email_allowlist")
.build()).execute();
```
```php
// Create a word blocklist
$client->createBlockList(new CreateBlockListRequest(
name: 'profanity_custom',
words: ['badword1', 'badword2', 'offensive'],
type: 'word',
));
// Create a domain blocklist
$client->createBlockList(new CreateBlockListRequest(
name: 'blocked_domains',
words: ['spam-site.com', 'phishing.net'],
type: 'domain',
));
// Create a regex filter
$client->createBlockList(new CreateBlockListRequest(
name: 'phone_numbers',
words: ['\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b'],
type: 'regex',
));
// Create a domain allowlist (only these domains are permitted)
$client->createBlockList(new CreateBlockListRequest(
name: 'trusted_domains',
words: ['myapp.com', 'getstream.io'],
type: 'domain_allowlist',
));
// Create an email allowlist
$client->createBlockList(new CreateBlockListRequest(
name: 'approved_emails',
words: ['support@myapp.com', 'info@myapp.com'],
type: 'email_allowlist',
));
```
```ruby
# Create a word blocklist
client.create_block_list(GetStream::Generated::Models::CreateBlockListRequest.new(
name: "profanity_custom",
words: ["badword1", "badword2", "offensive"],
type: "word"
))
# Create a domain blocklist
client.create_block_list(GetStream::Generated::Models::CreateBlockListRequest.new(
name: "blocked_domains",
words: ["spam-site.com", "phishing.net"],
type: "domain"
))
# Create a regex filter
client.create_block_list(GetStream::Generated::Models::CreateBlockListRequest.new(
name: "phone_numbers",
words: ['\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b'],
type: "regex"
))
# Create a domain allowlist (only these domains are permitted)
client.create_block_list(GetStream::Generated::Models::CreateBlockListRequest.new(
name: "trusted_domains",
words: ["myapp.com", "getstream.io"],
type: "domain_allowlist"
))
# Create an email allowlist
client.create_block_list(GetStream::Generated::Models::CreateBlockListRequest.new(
name: "approved_emails",
words: ["support@myapp.com", "info@myapp.com"],
type: "email_allowlist"
))
```
```csharp
// Create a word blocklist
await client.CreateBlockListAsync(new CreateBlockListRequest
{
Name = "profanity_custom",
Words = new List { "badword1", "badword2", "offensive" },
Type = "word",
});
// Create a domain blocklist
await client.CreateBlockListAsync(new CreateBlockListRequest
{
Name = "blocked_domains",
Words = new List { "spam-site.com", "phishing.net" },
Type = "domain",
});
// Create a regex filter
await client.CreateBlockListAsync(new CreateBlockListRequest
{
Name = "phone_numbers",
Words = new List { @"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b" },
Type = "regex",
});
// Create a domain allowlist (only these domains are permitted)
await client.CreateBlockListAsync(new CreateBlockListRequest
{
Name = "trusted_domains",
Words = new List { "myapp.com", "getstream.io" },
Type = "domain_allowlist",
});
// Create an email allowlist
await client.CreateBlockListAsync(new CreateBlockListRequest
{
Name = "approved_emails",
Words = new List { "support@myapp.com", "info@myapp.com" },
Type = "email_allowlist",
});
```
### Request Parameters
| key | required | type | description |
| ----------------------- | -------- | ------- | ---------------------------------------------------------------------------------------------------- |
| name | true | string | Unique name for the blocklist (max 255 characters). |
| words | true | array | List of words, domains, emails, or regex patterns (max 10,000 entries). |
| type | false | string | Filter type: `word` (default), `domain`, `domain_allowlist`, `email`, `email_allowlist`, or `regex`. |
| is_leet_check_enabled | false | boolean | Detect leet speak bypass attempts (e.g., `h4ck3r` → `hacker`). Word type only. |
| is_plural_check_enabled | false | boolean | Detect singular/plural forms (e.g., `cat` matches `cats`). Word type only. |
| team | false | string | Team ID for multi-tenant blocklists. |
## Update a Blocklist
Replace the word list or settings of an existing blocklist.
```js
await client.updateBlockList({
name: "profanity_custom",
words: ["badword1", "badword2", "offensive", "newword"],
is_leet_check_enabled: true,
is_plural_check_enabled: true,
});
```
```python
client.update_block_list(
name="profanity_custom",
words=["badword1", "badword2", "offensive", "newword"],
is_leet_check_enabled=True,
is_plural_check_enabled=True,
)
```
```go
client.UpdateBlockList(ctx, "profanity_custom", &getstream.UpdateBlockListRequest{
Words: []string{"badword1", "badword2", "offensive", "newword"},
IsLeetCheckEnabled: getstream.PtrTo(true),
IsPluralCheckEnabled: getstream.PtrTo(true),
})
```
```java
client.updateBlockList("profanity_custom", UpdateBlockListRequest.builder()
.words(List.of("badword1", "badword2", "offensive", "newword"))
.isLeetCheckEnabled(true)
.isPluralCheckEnabled(true)
.build()).execute();
```
```php
$client->updateBlockList('profanity_custom', new UpdateBlockListRequest(
words: ['badword1', 'badword2', 'offensive', 'newword'],
isLeetCheckEnabled: true,
isPluralCheckEnabled: true,
));
```
```ruby
client.update_block_list("profanity_custom", GetStream::Generated::Models::UpdateBlockListRequest.new(
words: ["badword1", "badword2", "offensive", "newword"],
is_leet_check_enabled: true,
is_plural_check_enabled: true
))
```
```csharp
await client.UpdateBlockListAsync("profanity_custom", new UpdateBlockListRequest
{
Words = new List { "badword1", "badword2", "offensive", "newword" },
IsLeetCheckEnabled = true,
IsPluralCheckEnabled = true,
});
```
## List Blocklists
```js
const response = await client.listBlockLists();
```
```python
response = client.list_block_lists()
```
```go
response, err := client.ListBlockLists(ctx, &getstream.ListBlockListsRequest{})
```
```java
var response = client.listBlockLists().execute();
```
```php
$response = $client->listBlockLists();
```
```ruby
response = client.list_block_lists
```
```csharp
var response = await client.ListBlockListsAsync();
```
## Get a Blocklist
```js
const response = await client.getBlockList({ name: "profanity_custom" });
```
```python
response = client.get_block_list("profanity_custom")
```
```go
response, err := client.GetBlockList(ctx, "profanity_custom", &getstream.GetBlockListRequest{})
```
```java
var response = client.getBlockList("profanity_custom").execute();
```
```php
$response = $client->getBlockList('profanity_custom');
```
```ruby
response = client.get_block_list("profanity_custom")
```
```csharp
var response = await client.GetBlockListAsync("profanity_custom");
```
## Delete a Blocklist
```js
await client.deleteBlockList({ name: "profanity_custom" });
```
```python
client.delete_block_list("profanity_custom")
```
```go
client.DeleteBlockList(ctx, "profanity_custom", &getstream.DeleteBlockListRequest{})
```
```java
client.deleteBlockList("profanity_custom").execute();
```
```php
$client->deleteBlockList('profanity_custom');
```
```ruby
client.delete_block_list("profanity_custom")
```
```csharp
await client.DeleteBlockListAsync("profanity_custom");
```
## Attach a Blocklist to a Policy
Once created, attach your blocklist to a moderation policy to activate it. Each rule specifies the blocklist name and the action to take when matched.
```js
await client.moderation.upsertConfig({
key: "chat:messaging",
block_list_config: {
rules: [
{ name: "profanity_custom", action: "remove" },
{ name: "blocked_domains", action: "flag" },
{ name: "phone_numbers", action: "flag" },
],
},
});
```
```python
client.moderation().upsert_config(
key="chat:messaging",
block_list_config=BlockListConfig(
rules=[
BlockListRule(name="profanity_custom", action="remove"),
BlockListRule(name="blocked_domains", action="flag"),
BlockListRule(name="phone_numbers", action="flag"),
],
),
)
```
```go
client.Moderation().UpsertConfig(ctx, &getstream.UpsertConfigRequest{
Key: "chat:messaging",
BlockListConfig: &getstream.BlockListConfig{
Rules: []getstream.BlockListRule{
{Name: "profanity_custom", Action: "remove"},
{Name: "blocked_domains", Action: "flag"},
{Name: "phone_numbers", Action: "flag"},
},
},
})
```
```java
client.moderation().upsertConfig(UpsertConfigRequest.builder()
.key("chat:messaging")
.blockListConfig(BlockListConfig.builder()
.rules(List.of(
BlockListRule.builder().name("profanity_custom").action("remove").build(),
BlockListRule.builder().name("blocked_domains").action("flag").build(),
BlockListRule.builder().name("phone_numbers").action("flag").build()))
.build())
.build()).execute();
```
```php
$client->moderation()->upsertConfig(new UpsertConfigRequest(
key: 'chat:messaging',
blockListConfig: new BlockListConfig(
rules: [
new BlockListRule(name: 'profanity_custom', action: 'remove'),
new BlockListRule(name: 'blocked_domains', action: 'flag'),
new BlockListRule(name: 'phone_numbers', action: 'flag'),
],
),
));
```
```ruby
client.moderation.upsert_config(GetStream::Generated::Models::UpsertConfigRequest.new(
key: "chat:messaging",
block_list_config: GetStream::Generated::Models::BlockListConfig.new(
rules: [
GetStream::Generated::Models::BlockListRule.new(name: "profanity_custom", action: "remove"),
GetStream::Generated::Models::BlockListRule.new(name: "blocked_domains", action: "flag"),
GetStream::Generated::Models::BlockListRule.new(name: "phone_numbers", action: "flag"),
]
)
))
```
```csharp
await client.Moderation.UpsertConfigAsync(new UpsertConfigRequest
{
Key = "chat:messaging",
BlockListConfig = new BlockListConfig
{
Rules = new List
{
new() { Name = "profanity_custom", Action = "remove" },
new() { Name = "blocked_domains", Action = "flag" },
new() { Name = "phone_numbers", Action = "flag" },
},
},
});
```
## Filter Types
| Type | `type` value | Description |
| ---------------- | ------------------ | --------------------------------------------------------------------------------- |
| Word Blocklist | `word` | Exact word matching (case-insensitive). Supports leet speak and plural detection. |
| Domain Blocklist | `domain` | Blocks URLs by domain suffix matching. Ignores scheme and path. |
| Domain Allowlist | `domain_allowlist` | Only allows URLs from listed domains. Blocks everything else. |
| Email Blocklist | `email` | Blocks exact email addresses. |
| Email Allowlist | `email_allowlist` | Only allows listed email addresses. Blocks everything else. |
| Regex | `regex` | Pattern matching with regular expressions. Max 100 patterns per filter. |
### Word Matching
Word blocklists match exact words (case-insensitive). Adjacent punctuation is ignored, but partial word matches are not.
For a blocklist containing `dogs`, `house`:
- `"Dogs, are great"` — matches (case-insensitive, ignores comma)
- `"I live in a lighthouse"` — does **not** match (no partial match on `house`)
With **leet speak detection** enabled: `d0g` matches `dog`, `w0m@n` matches `woman`.
With **plural detection** enabled: `houses` matches `house`, `dog` matches `dogs`.
### Domain Matching
Domain filters match the suffix of URLs. `gmail.com` matches `https://gmail.com`, `http://support.gmail.com`, etc. A more specific filter like `messenger.facebook.com` only matches that subdomain.
### Regex Matching
Regex filters support standard regular expression syntax. Tips:
- Use `(?i)` for case-insensitive matching
- Use `\b` for whole-word boundaries
- Escape special characters with `\`
- Max 100 patterns per filter, max 60 characters per pattern
## Limits
| Limit | Value |
| -------------------------------- | --------------------------- |
| Max blocklists per app | 20 (100 with multi-tenancy) |
| Max words per blocklist | 10,000 |
| Max regex patterns per blocklist | 100 |
| Max characters per word | 40 |
| Max characters per regex pattern | 60 |
---
This page was last updated at 2026-04-16T18:29:43.799Z.
For the most recent version of this documentation, visit [https://getstream.io/moderation/docs/dotnet-csharp/configuration/filters/](https://getstream.io/moderation/docs/dotnet-csharp/configuration/filters/).