Ratings, reviews, plans and features to help you find the right web hosting provider for your site.

Using .htaccess to block referrer spam

Web Hosting Articles » A simple guide to .htaccess » Using .htaccess to block referrer spam


Lately referrer spam became a great annoyance for the webmasters. If you are not sure what referrer spam is you may wish to check this article: http://en.wikipedia.org/wiki/Referrer_spam

To block these spam referrers you need the following lines in your .htaccess file:

# set the spam_ref variable
SetEnvIfNoCase Referer "^http://(www.)?some-spammer.com" spam_ref=1

SetEnvIfNoCase Referer "^http://(www.)?other-spammer.com" spam_ref=1

SetEnvIfNoCase Referer "^casino-poker" spam_ref=1

# block all referres that have spam_ref set
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=spam_ref
</FilesMatch>

The first lines “setenvifnocase” assign a span_ref environment variable. Then we deny all access to such referrers in the FilesMatch clause.

You can also use wildcards with the above .htaccess directives to match a variety of hosts. For example, you can use

SetEnvIfNoCase Referer "*some_word*" spam_ref=1

to match all referrers that contain the word 'some_word'.

For example you can ban visits from referral sites that contain in their domains words like: phentermine, viagra, cialis, shemale, porn, nude, celebrity, etc.


  1. How to block users from accessing your site based on their IP address
  2. How to prevent or allow directory listing?
  3. How to change the error documents – 404 Page Not Found, etc
  4. Using .htaccess for password protecting your folders
  5. Using .htaccess to block referrer spam
  6. Disable Hot-Linking of images and other files
  7. Redirect URLs using .htaccess
  8. Introduction to mod_rewrite and some basic examples
  9. Force SSL/https using .htaccess and mod_rewrite
  10. 301 Permanent redirects for parked domain names
  11. Enable CGI, SSI with .htaccess
  12. How to add Mime-Types using .htaccess
  13. Change default directory page
  14. Block Bad robots, spiders, crawlers and harvesters
  15. Make PHP to work in your HTML files with .htacess
  16. Change PHP variables using .htaccess
  17. HTTP Authentication with PHP running as CGI/SuExec
  18. Force www vs non-www to avoid duplicate content on Google
  19. Duplicate content fix index.html vs / (slash only)

Comments 2 >>

naruti Said,
Sep 11, 2008 @ 05:50

thx so much.

it's very helpful from me.

my website was flooded.
Sipylus Said,
Jan 19, 2010 @ 12:26

The "SetEnvIfNoCase" info was great and in a test was able to block of our site from google.com but not yahoo.com.
Your comments on this article

(required)

(required but never displayed)



security code


Previous: Using .htaccess for password protecting your folders Next: Disable Hot-Linking of images and other files

Back to Web Hosting Articles list