[drupal-devel] [feature] Add Referrer Banning

Robin Monks drupal-devel at drupal.org
Tue Aug 9 14:19:02 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     feature requests
 Priority:     normal
 Assigned to:  Robin Monks
 Reported by:  Robin Monks
 Updated by:   Robin Monks
 Status:       patch (code needs review)
 Attachment:   http://drupal.org/files/issues/referring_banning_with_stat_fix_0.patch (7.97 KB)

New patch against HEAD, changes the title to "Ban referrer"


Robin Monks

Previous comments:

Fri, 29 Jul 2005 17:02:30 +0000 : Robin Monks

Attachment: http://drupal.org/files/issues/referring_banning_with_stat_fix.patch (7.9 KB)

The attached patch adds the following features to Drupal HEAD:

- Setting Access Permissions by referrer.

The attached patch fixes the following bugs:

- Port numbers on same domain cause Drupal to mark an external referrer

This patch changes the following modules, by function:

- user.module
-- user_admin_access_check Now allows checking based on referrer.
-- _user_admin_access_form Now has options for banning based on
-- user_admin_access Now lists referrer bans.
-- user_help Show referrer banning in documentation.
- bootstrap.inc
-- _drupal_bootstrap Checks to ensure user is not banned by referrer.
- statistics.module
-- statistics_top_referrers Has "quick-links" for banning referring
domain.  Fixes port issue.

I have tested this module and it works correctly on Drupal HEAD.



Sat, 30 Jul 2005 13:59:09 +0000 : Dries

What is the point of referrer banning?  To stop people from linking your
site?  I'd think this is only useful for 0.001% of all Drupal sites.


Sat, 30 Jul 2005 14:05:51 +0000 : killes at www.drop.org

I've asked Robin to implement this because a referrer spammer was
spamming drupal.org with porn referrers. This was annoying because it
made the "top referrers" page basically useless. I only got rid of the
spammer because Kjartan grepped the apache logs for me and told me the


Sat, 30 Jul 2005 14:32:08 +0000 : bertboerland at www.drop.org

dries, take a look at http://drupal.org/admin/logs/referrers [1]. mine
is even worse, nearly 15% of all referrers are pr0n sites. so i do
think it is usefull to ban based on referrer, not to prohibits linkers
but referrer spammers
[1] http://drupal.org/admin/logs/referrers


Sat, 30 Jul 2005 18:41:33 +0000 : Robin Monks

This is also useful for sites that try to pop other sites into IFrames
(sometime invisable).  

This code does need review.  I want to make sure that this will work on
all server/OS/php types.



Sun, 31 Jul 2005 10:32:37 +0000 : Dries

I'm still not convinced this feature is needed. I'm tempted to say
"won't fix" but I'll let this patch float in the review queue until
enough people showed interest in it.


Sun, 31 Jul 2005 15:13:41 +0000 : eldarin

A useful feature for sites plagued by the spammers on the net - another
sad example is http://www.xmlrpc.com/stats/referers .


Sun, 31 Jul 2005 15:58:45 +0000 : deekayen

I'd like to see this feature, but I would make a change to the patch.

In statistics.module, +    array('data' => t('Ban domain')) isn't
exactly clear. We know what it does in the context of this issue, but I
can see some of my users thinking that it will do a DNS lookup and ban
any users trying to visit from another ISP. If it were my patch, I'd
make it 'Ban visitors clicking from this webpage', but that might be
wordy for some of you.


Sun, 31 Jul 2005 23:56:00 +0000 : Robin Monks

If it were my patch, I'd make it 'Ban visitors clicking from this
but that might be wordy for some of you.
Don't forget, this is going in a table header.  Something like that on
my display would take the table halfway to greenland.
"Ban Referring Domain" or "Ban Referrer" may be better choices, but I
can't understand how someone could think a domain was an ISP???  I
mean, a domain is a domain.  Even non-tech-types know a domain is a
I'd like others opinions on this.

I feel the common concensus thus far is that this patch would be a good
addition to Drupals banning system.  However, the code still needs to
have some more testers.  This is also a good time to mention any
changes you'd like to see.


More information about the drupal-devel mailing list