How to block referrer spam traffic

Referrer spam has always been a nuisance, specially if you have some traffic restrictions on your hosting. The referral traffic robs your site from the precious bandwidth allocated (also know as Bandwidth Theft). Also with a large number of spam traffic, legitimate users will be greeted with a slow and sometimes non responsive site.

Htaccess enables one to block certain referrer sites and prevent referrer spam. The following post list some techniques to do so. One way to prevent referrer spam is to force a error and stop any further redirection. Note that the following requires that ‘mod_rewrite’ is enabled on your server.

RewriteCond %{HTTP_REFERER} sitetoblock\.com [NC]
RewriteRule .* - [F,L]

The above lines tells the Apache Server to block traffic from the URL ‘’. The ‘[NC]’ flag specifies that the referrer site url is not case-sensitive. The ‘F’ flag in [F,L] returns a ‘403 Forbidden’ error, while the ‘L’ flag stops further processing.

Another method is to redirect the traffic to another website, most probably a public website like Google (although I would not recommend this).

RewriteCond %{HTTP_REFERER} sitetoblock\.com [NC]
RewriteRule .* [R,L]

Or force it back to the referrer site.

RewriteCond %{HTTP_REFERER} sitetoblock\.com [NC]
RewriteRule .* %{HTTP_REFERER} [R,L]

To block multiple referrers one can use the [OR] flag.

RewriteCond %{HTTP_REFERER} sitetoblock1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} sitetoblock2\.com [NC]
RewriteRule .* [R,L]

Another idea is to return a 301 error.

RewriteCond %{HTTP_REFERER} ^http://www\.sitetoblock\.com
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

You can also block traffic from certain ip addresses using the apache ‘Limit’ satement which does not require using ‘mod_rewrite’.

order allow,deny
deny from
deny from
allow from all

Honestly, I’m not an expert in htaccess issues, so readers with extensive knowledge in the area are welcome to add creative inputs to the post.

11 thoughts to “How to block referrer spam traffic”

  1. Do I need to use the following brackets for this to work? Doesn’t seem like .htaccess is stopping these spammers…

    RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} buttons-for-website\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} darodar\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} social-buttons\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} simple-share-buttons\.com [NC]
    RewriteRule .* – [F,L]

  2. The htaccess you mentioned is working on my side. Try using a single spam site first for testing.

    RewriteCond %{HTTP_REFERER} semalt\.com [NC]
    RewriteRule .* – [F,L]

Leave a Reply

Your email address will not be published.