HOW TO: Block traffic coming from a specific domain

January 29, 2020

Inbound links are awesome. Except for when they're not. Spam traffic coming from forums, spam comments can spend up server resources, skew your analytics and hurt your SEO.

Let's assume you've just noticed a bunch of traffic coming to your site from www.iamaspamsite.com.

For Apache servers, this should do the job (in .htaccess):

RewriteCond %{HTTP_REFERER} www\.iamaspamsite\.com [NC]
RewriteRule .* - [F]

You can test the rule works in your terminal with a curl that makes you pretend to come from www.iamaspamsite.com:

curl -IL --referer https://www.iamaspamsite.com https://YOURDOMAIN.COM

The response beforehand should look like a bunch of headers and shenanigans - but at the top you should see a 200 response code.

When the rule is in place, this should become a 403 response.

To accomplish the same block on an Nginx server, use this in your config:

if ($http_referer ~ "www\.iamaspamsite\.com")  { 
  return 444;
}

Sorted.