Written by:David Aldridge
12/24/2009 9:50 AM 

Yesterdays incident with AWStas is more properly refered to as 'referer spam'.

Referer spam is where someone will hit your site with the referer section of the browser request set to be a site they want to drive traffic to.  The idea is to have links to those sites how up in any public stats pages you may have...

In order to stop it you have to use the rewrite modules for your webserver to block by referer.  So here are the rewrite configs for the three main webservers I use...

(obviously replace 'badreferer' with the offending referer domains)

# Referer Spam block via mod_rewrite (in config file or .htaccess)
RewriteEngine On
RewriteCond %{HTTP_REFERER} badreferer1 [OR]   <-- First rule must have just [OR]
RewriteCond %{HTTP_REFERER} badreferer2 [NC,OR]
RewriteCond %{HTTP_REFERER} badreferer3 [NC,OR]
RewriteCond %{HTTP_REFERER} badreferer4 [NC]   <-- Last rule must have just [NC]
RewriteRule .* - [F,L]

Same thing for NGINX (in config file):
location / {
  valid_referers none blocked *;
  if ($invalid_referer) {
    return   403;

And finally IIS 7:
Install URL Rewrite (available from
Select site
Click on URL Rewrite
Click add rule
Add request blocking rule
Set to block specified referrers


Your name:
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Security Code
Enter the code shown above in the box below
Add Comment  Cancel 
You must be logged in and have permission to create or edit a blog.