How to block referrer spam with htaccess file

To find out if your website stats are already being affected by referrer spam please read our blog post Is referrer spam affecting your website metrics?

Many websites are hosted on web servers that use .htaccess files to control how the server should behave in response to specific requests. The .htaccess file is found in the root of your site directory and can be accessed either by FTP, SSH or web admin control panel such as cPanel. There are two possible methods to block referrer spam to your site using the .htaccess file: mod_rewrite or mod_setenvif.

You can find instructions on how to block referrer spam with htaccess file methods below:

The following instructions are technical by their very nature and should not be attempted by anyone other than an experienced webmaster, coder/developer. We cannot be held responsible for any detrimental effects and we do not provide unpaid support for these or any other instructions. Always take a backup!

In the “single referrer” example below, “badsite\.com” is the domain you wish to block. Note the backslash proceeding the period (“.”) to actually denote a period, as in Regular Expressions, a period denotes any character, which is not what we want. The flag “[NC]” is added to the end of the domain to make it case insensitive, so whether the domain is “badsite.com”, “Badsite.com” etc, however bad it gets, it gets blocked. Finally, the last line in the .htaccess file specifies that the action to take when a match is found is to fail the request, meaning the referrer traffic will hit a 403 Forbidden error.

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteRule .* – [F]

To block multiple referrers, you can add multiple ‘RewriteCond’ statments, but omitting the [NC,OR]

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherbadsite\.com

RewriteRule .* – [F]

Now, you may have noticed the line “Options +FollowSymlinks” above, which is commented. Uncomment this line (by removing the # character) if your server isn’t configured with FollowSymLinks in its section in httpd.conf, and you get a 500 Internal Server error when using the code above as is.

Related blog posts

Is referrer spam affecting your website metrics?
How to block referrer spam in Google Analytics
How to block referrer spam with a WordPress plugin

Share this article

Related Blogs

10Jan 18 

Are people leaving my website? Find out with Google Analytics

You might have looked at how many people are visiting your website, but do you also pay attention to how many are leaving?Using Google Analytics to find out where people leave Google Analytics can give you insight into where people are leaving your website, and you can then do a bit of detective work to try and work out why that might be. Here's three metrics to look at. Related blog: Learn how to set up Google Analytics1) Exit pages Go to 'Behaviour > Site Content > All Pages' and cli...

15Jan 16 

How to set up Google Analytics

Measuring your progress is an essential part of any successful digital marketing strategy. Google Analytics is a great free tool for measuring and analysing your web traffic, plus it’s fairly straightforward to get set up. If you’ve never used it before, here’s how to get started... Sign up to Google Analytics If you don’t already use any Google services, you will need to create a Google account at google.com/analytics. Ignore all the stuff about premium and sign up for a free account...

25Feb 14 

How to exclude internal traffic from Google Analytics

Memo to all marketers: remove staff visits from your website traffic! This blog post was last updated on 11 March 2016 to include changes made to Google Analytics prior to this date. The heaviest users of a website tend to be people from within the organisation. So it makes sense to remove this group from your Google Analytics traffic otherwise your visitor figures will be artificially inflated by internal use. Your data will also be skewed by their behaviour, and have a detrimental effect on ...

Join Our Mailing List