block referrer spam in apache

How to Block Referrer Spam with .htaccess

Sometimes you may need to block referrer spam from your website. You can easily do this using .htaccess that allows you to block traffic by inspecting its referrer. In this article, we will look at how to block referrer spam with .htaccess.


How to Block Referrer Spam with .htaccess

Here are the steps to block referrer spam with .htaccess. Please ensure that you have enabled mod_rewrite (htaccess) before you proceed. Here are the steps to do it.


1. Open .htaccess file

Open terminal and run the following command to open .htaccess file for your website.

$ sudo vi /var/www/html/.htaccess


2. Block Referrer Spam

Let us say you want to block a particular referrer www.spamsite.com from visiting your website. In such cases, add the following lines to block referrer spam on your website. Replace www.spamsite.com below with your choice of referrer.

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} www\.spamsite\.com [NC,OR]
RewriteRule .* – [F]

Let us look at the above code in detail. The first line enabled mod_rewrite. The second line is commented. Uncomment it by removing # at its beginning, if you get 500 server error response while using the above code as is. It may be because FollowSymLinks may not be configured in your server configuration file httpd.conf. Otherwise, you can leave it commented.

The third line checks the request’s referrer value. If it is www.spamsite.com then the fourth line returns 403 Access Forbidden response message to all matching requests.

If you want to block multiple referrers spamsite1.com, spamsite2.com, spamsite3.com from your website, then add the following lines to your .htaccess file.

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} spamsite1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} spamsite2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} spamsite3\.com
RewriteRule .* – [F]

In this case, you need to provide a separate RewriteCond rule for each referrer that you want to block. You may also rewrite the above code as shown below, combining all referrer names using pipe (|) operator.

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} spamsite1\.com | spamsite2\.com | spamsite3\.com [NC,OR]
RewriteRule .* – [F]

You can easily find out all referrers hitting your website by logging into Google Analytics. Then

  1. Click on Reporting tab
  2. Click Audience option from left sidebar menu
  3. Click Technology dropdown and Network option
  4. Select Hostname as Primary Dimension in Google Analytics report

This should list all the referrers sending traffic to your website. Some may be good bots, while some may be malicious.


3. Restart Apache Server

Restart Apache server to apply changes.

$ sudo service apache2 restart

In this article, we have learnt the different ways to block referrer spam to your website.

Also read:

How to Serve Static Files from Different Folder in NGINX
How to Pass Parameters to Shell Script Functions
How to Force NGINX to Serve New Static Files
How to Enable CORS in Django Project
How to Redirect with Query String in Apache