How To Stop Referral Spam With CloudFlare Firewall

Referral spams are manipulating Google Analytics status and overload server resources. These are just automated bot accessing your site. If you can see traffic from unrelated sites, it’s mostly like you are a victim of a spammer.

First, we have to get a clear idea about what is referral spam? These automated bots repeated your site homepage or post URL requests using a fake referrer URL. No one never visits your site and its not generate any revenue. These ghost referral spam needs to put their site domain on your server access log or your analytics and gain your attention. This is not just for you, it happens almost all the sites on the internet. There’s no malicious attack to your site.

We can easily block referrer spam. So no need to filter referral spam in Google Analytics. To stop this kind of spamdexing, we can use a firewall rule. There are many solutions out there. If you already have WAF firewall you can configure that service.

In this post, I’m going to use the Cloudflare free Firewall to block spam bots. This firewall not installed on your server, therefore these automated bots never access your server. You can block them without even accessing your server. So you can protect your server overloading and slow down your site.

Cloudflare logo

This method has three steps,

  • Create a Cloudflare firewall rule.
  • Adding domain name and/or IP address that you need to block.
  • Deploy the firewall rule.

Just a simple three steps you can ban ghost referral spam accessing to your site, right away.

See also  How To Serve WordPress Images Subdomain On Nginx


Stop Referral Spam With Firewall.

If you are not a Cloudflare customer, you can create a free account. Free plan enough for this method. With one firewall rule, we can add multiple Ghost bot domain or IP address. So in a single rule can block all the spammers before accessing your server or site.

  • Go to Cloudflare “Firewall>Firewall Rule”.
Cloudflare Firewall access
Cloudflare Account access Firewall
  • To create a new rule click on the “Create a Firewall rule” button, like the following screenshot.
Create Firewall rule
Create a firewall rule page
  • Next page you have to add the referral spammer details. In here you can add the IP address or spammer domain name like the following screenshot.

Adding the domain name. 
This step we added referring domain name to block all the refer request coming from it. When someone accesses your site using blacklisted refer domain, that request block by Cloudflare. So no bot have to access your server or site.

    • Under the “Field” dropdown menu select “Referer” option.
    • Under the “Operator” select “Contains“. Which means exact domain name should match to trigger firewall rule to block the bot.
    • Under the “Value” type the domain name that you need to block.


Adding the IP address.
If you have server access log you can find the IP address of the bot. If you use shared hosting or blogging platform it’s hard to get the IP address. After you added the blacklisted IP when the bot accesses your server or site with that IP, all the request stop by Cloudflare.

    • Under the “Field” dropdown menu select “IP Address” option.
    • Under the “Operator” select “Equal“. Which means exact domain name should match to trigger firewall rule to block the bot.
    • Under the “Value” type the IP address, if the referring spammer has IP range you can add that range in “” format. Eg: IPv6 format “2001:db8::”.
Add firewall rule
Add Firewall rules to Cloudflare


  • To apply the changes click on the “Deploy” button. It will take a few seconds to apply. If you changed the already created rule, it will take around 60 seconds to propagate globally.
See also  How To Rename WordPress MySQL Database Table Prefix Easily


In this method, you don’t need to create several firewall rules to block referral spammers, with just a single rule you can add each spammer “domain name” or “IP address” by using the “OR” firewall condition.

  • Now almost all completed. Next, we have to specify what to do if the above criteria matched.
    • Under “Choose an action” select “Block”.
stop referral spam
Deploy Cloudflare firewall rule


Now you just stop referral spam. All the added IP’s or domain referring bots never access your site. Your site or server does not overload anymore.

If you are still not able to find ghost traffic, carefully check the analytic data. If you can find any odd sites, you need to exclude them from your sites analytic data.

This method can apply to any content management system software like WordPress, Drupal or Joomla.





error: Content is protected !!