an ASP.NET, C# technical blog, by Gianni Tropiano

Anti-Referrer-Spam-Bot-Trap Updated

by CodeGolem 4. November 2010 11:08

In my previous post I talked about a Module-and-Handler to stop referrer spam.

Well, I worked out a smarter version which uses a single HttpModule alernative:

This is the new implementation of the BeginRequest event handler of the Module:

/// <summary>
/// Handles referral requests
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
void context_BeginRequest(object sender, EventArgs e)
    HttpContext context = ((HttpApplication)sender).Context;

    // no action for requests already authorized, without referrer or whose referrer is in the current domain
    if (!(context.CurrentHandler is System.Web.UI.Page) || context.Session["_authorized"] != null || context.Request.UrlReferrer == null || context.Request.UrlReferrer.Authority.ToLower() == context.Request.Url.Authority.ToLower())

    // sets no cacheability

    // refuses requests from BAD IPs
    if (isBadIp())
        // flags the current IP as BAD

        context.Response.Write("<html><head><script type='text/javascript'>function redirect() { window.location.reload(); }</script><body onmouseover='redirect()'>Redirecting to the requested URL. <a href='javascript:redirect()'>Click here</a> if you are not redirected automatically.</body></html>");
        context.Session["_authorized"] = true;

        context.Response.StatusCode = 205;

In this version it is the HttpModule itself that issues the client-challanging javascript code.

The first request to any Page is not served: a session variable is set to keep track of the request, and the javascript is issued instead, with a 205 HTTP Status Code (Document Reset... that means further action is required to the client).

If the client sucessfully executes the challange-javascript (a simple page refresh), the HttpModule allows the original handler (Page) to be executed.

Comments are welcome!

Happy coding!

Tags: , , ,


Add comment

  Country flag

  • Comment
  • Preview

Recent Posts

Sponsored By


e-commerce has

never been so izi!

Try our online store!