Apache, Nginx & Varnish blacklist plus Google Analytics segment to prevent referrer spam traffic 👾
.htaccess is a configuration file for use on web servers running Apache. This file is usually found in the root “public_html” folder of your website. The .htaccess file uses two modules to prevent referral spam, mod_rewrite and mod_setenvif. Decide which method is most suitable with your Apache server configuration. This file is Apache 2.4 ready, where mod_authz_host got deprecated.
With referral-spam.conf in /etc/nginx, include it globally from within /etc/nginx/nginx.conf:
http {
include referral-spam.conf;
}
Add the following to each /etc/nginx/site-available/your-site.conf that needs protection:
server {
if ($bad_referer) {
return 444;
}
}
Add referral-spam.vcl to Varnish 4 default file: default.vcl by adding the following code right underneath your default backend definitions
include "referral-spam.vcl";
sub vcl_recv { call block_referral_spam; }
The above methods don't stop the Google Analytics ghost referral spam (because they are hitting Analytics directly and don't touching your website). You should use filters in Analytics to prevent ghost referral spam.
Navigate to your Google Analytics Admin panel and add a Segment:
| Filter | Session | Include |
|---|---|---|
| Hostname | matches regex | ```your-website.com |
| Filter | Session | Exclude |
|---|---|---|
| Source | matches regex | Copy all the domains from google-exclude.txt to this field |
You can also prevent ghost referral spam by: