How to Block Referring Sites on Heroku
Why you might need this
Social media, hate sites, and spammy/scraped sites may all be sending traffic to your application that you would rather not have land. In some cases this can generate storms of traffic that are functionally the same as as denial of service attack.
Blocking referred traffic is an easy way to blunt some of the unsavory traffic hitting your site.
Prerequisites
What you need to get started:
- Expedited WAF add-on is setup in front of your application.
How To Block Referring Sites on Heroku
Add referring sites to be blocked to the Block Bots page of your Expedited WAF dashboard:
Notes
- Blocking is dependent upon the
HTTP_REFERER
header being passed by the browser. This may not be present for any number of reasons (HTTP -> HTTPS links in Chrome, command line tools, or browser extensions) - If the traffic is significant enough to be posing you uptime problems, you may need to layer on additional anti DDOS rules like CAPTCHA or Geographic restrictions.
Resources
Learn more about HTTP_REFERER
headers.