How to Block Referring Sites on Heroku

Why you might need this

Social media, hate sites, and spammy or scraped sites may all be sending traffic to your application that you would rather not receive. In some cases this can generate storms of traffic that are functionally the same as a denial of service attack.

Blocking referred traffic is an easy way to blunt some of the unsavory traffic hitting your site.

Prerequisites

What you need to get started:

  1. The Expedited WAF add-on is set up in front of your application.

How To Block Referring Sites on Heroku

Add referring sites to be blocked to the Block Bots page of your Expedited WAF dashboard.

Notes

  • Blocking depends on the HTTP_REFERER header being passed by the browser. This header may be absent for any number of reasons (HTTP -> HTTPS links in Chrome, command line tools, or browser extensions).
  • If the traffic is significant enough to be causing you uptime problems, you may need to layer on additional anti-DDoS rules such as CAPTCHA or geographic restrictions.
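
To make the first note concrete, here is an added example (not Expedited WAF's code) of how a referrer block decision can be made inside a Python WSGI app, and why a request without a usable HTTP_REFERER value passes through. The blocked domains, function names and the middleware class are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed placeholder domains, not real indicators.
BLOCKED_REFERRERS = {"spam-links.example", "scraper.example"}


def referrer_host(header_value):
    """Return the lowercase host of a Referer value, or None if absent or unparseable."""
    if not header_value:
        return None
    try:
        host = urlsplit(header_value.strip()).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_blocked(header_value, blocked=BLOCKED_REFERRERS):
    """True only when the referring host is a blocked domain or one of its subdomains."""
    host = referrer_host(header_value)
    if host is None:
        # No usable header: this control cannot decide, so the request passes.
        return False
    # Match on a label boundary so "notspam-links.example" is not caught by accident.
    return any(host == d or host.endswith("." + d) for d in blocked)


class BlockReferrers:
    """WSGI middleware: answer 403 for blocked referrers, pass everything else through."""

    def __init__(self, app, blocked=BLOCKED_REFERRERS):
        self.app = app
        self.blocked = blocked

    def __call__(self, environ, start_response):
        # WSGI exposes the Referer request header as environ["HTTP_REFERER"].
        if is_blocked(environ.get("HTTP_REFERER"), self.blocked):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return self.app(environ, start_response)
```

Only the host part of the header is compared, so a blocked domain that appears in the path or query string of an unrelated referrer does not trigger a block.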

Resources

Learn more about HTTP_REFERER headers.