Geek Answers Handbook

How to block referral spam using Heroku

I recently launched my first application on Heroku, and I saw how traffic appears in Google Analytics on a page that does not exist in my application. I would not recommend clicking on these sites, but it appears under the "top pages" as http://co.lumb.co/, and then shows http://forum.topic56809347.darodar.com/as a "top referrer".

I saw several solutions related to using a .htaccess file to block a spammer, but how would I do it with Heroku and Rails? (I'm new to both)

Is this something I should worry about? I found a similar question in this Wordpress theme: https://wordpress.org/support/topic/a-non-existent-page-is-showing-up-on-my-analytics

Thank!

+4
source share
1 answer

You can block requests at the Rack middleware level. You can use the gem ( rack-attack ), or you can create your own Rack middleware.

Option 1: Rack-attack

https://github.com/kickstarter/rack-attack

If you want to go in standby mode, after you installed it, you can use a configuration that looks like this:

# config/initializers/rack-attack.rb

class Rack::Attack
  blacklist("block referer spam") do |request|
    spammers = [/co\.lumb\.co/, /darodar/]
    spammers.find { |spammer| request.referer =~ spammer }
  end
end

Since we love testing, here is a test that you must write first before implementing the solution (using the RSpec request specification):

# spec/requests/referer_spam_block_spec.rb

require "rails_helper"

describe "Referer blacklist", type: :request do
  describe "referer spam" do
    it "is blocked" do
      spammers = ["http://co.lumb.co/", "http://forum.topic56809347.darodar.com/"]

      spammers.each do |spammer|
        get root_path, {}, { "HTTP_REFERER" => spammer }

        expect(response).to be_forbidden
      end
    end
  end

  describe "regular referer" do
    it "is not blocked" do
      get root_path, {}, { "HTTP_REFERER" => "google.com" }

      expect(response).to be_ok
    end
  end

  describe "direct request" do
    it "is not blocked" do
      get root_path

      expect(response).to be_ok
    end
  end
end

Option 2: Custom Middleware

( -), , Rack, (: ):

# lib/referer_spam_blocker.rb

class RefererSpamBlocker
  SPAMMERS = [/co\.lumb\.co/, /darodar/]

  def initialize(app)
    @app = app
  end

  def call(env)
    if blacklisted?(env)
      forbidden
    else
      @app.call(env)
    end
  end

  private

  def blacklisted?(env)
    !SPAMMERS.find { |spammer| env["HTTP_REFERER"] =~ spammer }.empty?
  end

  def forbidden
    [403, {'Content-Type' => 'text/plain'}, ["Forbidden\n"]]
  end
end

Rails, , config/application.rb

config.middleware.use RefererSpamBlocker

, Rack : http://railscasts.com/episodes/151-rack-middleware

Bonus

, , , ENV .

+10

More articles:


All Articles