ReferrerBlock 2026.3.21

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package ReferrerBlock --version 2026.3.21
                    


                    

                
NuGet\Install-Package ReferrerBlock -Version 2026.3.21
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="ReferrerBlock" Version="2026.3.21" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="ReferrerBlock" Version="2026.3.21" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="ReferrerBlock" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add ReferrerBlock --version 2026.3.21
                    


                    

                
#r "nuget: ReferrerBlock, 2026.3.21"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package ReferrerBlock@2026.3.21
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=ReferrerBlock&version=2026.3.21
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=ReferrerBlock&version=2026.3.21
                    


                            Install as a Cake Tool

ReferrerBlock

ReferrerBlock

NuGet BlazorWinOld Nuget Package License: MIT

ReferrerBlock middleware to block referrer spam and malicious traffic.

โš™๏ธ Usage

var builder = WebApplication.CreateBuilder(args); var app = builder.Build();

app.UseReferrerBlock();

app.Run();

The middleware uses default blocking rules. Optionally, you can customize them:

app.UseReferrerBlock(options => { 
    options.BlockedDomains.Add("spam-site.com"); 
    options.BlockedTLDs.Add(".suspicious"); 
    options.BlockedPatterns.Add("malicious");
    options.BlockedSubdomainPrefixes.Add("spam");
    });

๐Ÿ“ Examples

Disable default TLD blocking

app.UseReferrerBlock(options => 
{ 
    options.BlockedTLDs.Clear(); // Remove all default TLDs
    options.BlockedDomains.Add("spam-site.com"); 
});

Use only custom rules

app.UseReferrerBlock(options => 
{ 
    // Clear all default rules
    options.BlockedTLDs.Clear();
    options.BlockedDomains.Clear();
    options.BlockedPatterns.Clear();
    options.BlockedSubdomainPrefixes.Clear();
    
    // Add only your custom rules
    options.BlockedDomains.Add("spam-site.com");
    options.BlockedDomains.Add("malicious-domain.com");
    options.BlockedTLDs.Add(".scam");
    options.BlockedPatterns.Add("suspicious");
    options.BlockedSubdomainPrefixes.Add("bot");
});

Combine default rules with custom ones

app.UseReferrerBlock(options => 
{ 
    // Keep default rules and add custom ones
    options.BlockedDomains.Add("spam-site.com"); 
    options.BlockedTLDs.Add(".suspicious"); 
    options.BlockedPatterns.Add("malicious");
    options.BlockedSubdomainPrefixes.Add("bot");
});

Block subdomain prefixes with numeric variations

The BlockedSubdomainPrefixes option allows you to block subdomains that start with a specific prefix followed by optional digits.

app.UseReferrerBlock(options => 
{ 
    // Block subdomains like: iqri., iqri1., iqri18., hk., hk1., hk12., etc.
    options.BlockedSubdomainPrefixes.Add("iqri");
    options.BlockedSubdomainPrefixes.Add("hk");
    options.BlockedSubdomainPrefixes.Add("spam");
});

This will block referrers like:

  • iqri.example.com โœ… blocked
  • iqri1.spammer.net โœ… blocked
  • iqri18.malicious.org โœ… blocked
  • hk12.badsite.com โœ… blocked

But will NOT block:

  • iqri1x.example.com โŒ not blocked (has letters after digits)
  • myiqri1.example.com โŒ not blocked (prefix not at start)
  • iqrisite.com โŒ not blocked (in domain name, not subdomain)

Block domains with wildcard patterns

The BlockedWildcardPatterns option allows you to block domains using wildcard patterns where * matches any characters.

app.UseReferrerBlock(options => 
{ 
    // Block patterns like: *crmsoftware*.com, sdk*freegame.top
    options.BlockedWildcardPatterns.Add("*crmsoftware*.com");
    options.BlockedWildcardPatterns.Add("sdk*freegame.top");
    options.BlockedWildcardPatterns.Add("*spam*.net");
});

Examples of what gets blocked:

  • *crmsoftware*.com blocks:

    • crmsoftwareedge.com โœ… blocked
    • crmsoftwarefocus.com โœ… blocked
    • mycrmsoftwarehub.com โœ… blocked
    • testcrmsoftware.com โœ… blocked
    • But NOT crmsoftwareedge.net โŒ (different TLD)

  • sdk*freegame.top blocks:

    • sdk0freegame.top โœ… blocked
    • sdk3freegame.top โœ… blocked
    • sdk7freegame.top โœ… blocked
    • sdkanyfreegame.top โœ… blocked
    • But NOT sdkfreegame.com โŒ (different TLD)

  • *spam*.net blocks:

    • spam.net โœ… blocked
    • myspamsite.net โœ… blocked
    • spamnetwork.net โœ… blocked
    • test-spam-tools.net โœ… blocked

Why use wildcard patterns instead of simple patterns?

  • Simple patterns (BlockedPatterns) use Contains() and match anywhere in any TLD
  • Wildcard patterns give you precise control with specific TLD requirements
  • Example: "crmsoftware" in BlockedPatterns would block ALL TLDs (.com, .net, .org, etc.)
  • Example: "*crmsoftware*.com" in BlockedWildcardPatterns blocks ONLY .com domains

๐Ÿš€ Performance

The middleware is optimized for high-performance scenarios using ReadOnlySpan<char> instead of traditional Uri parsing, resulting in minimal memory allocations.

Benchmark Results

BenchmarkDotNet v0.15.8, Windows 11, Intel Core i9-9900K CPU 3.60GHz
.NET 9.0.12, X64 RyuJIT x86-64-v3
Method Mean Allocated Improvement
โœ… Optimized (Span) 1.243 ยตs 704 B Baseline
โŒ Original (Uri) 6.892 ยตs 9,952 B -
Metric Gain
Speed 5.5x faster
Memory 14x less allocations

Run benchmarks yourself:

cd benchmarks/AspNetCore.ReferrerBlock.Benchmarks
dotnet run -c Release

๐Ÿ“Š Blocked Domains

See BLOCKED_DOMAINS.md for the complete list of blocked domains, TLDs, and patterns with their addition history.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2026.3.21 31 3/21/2026
2026.2.28 119 2/28/2026
2026.2.15 106 2/15/2026
2026.2.10 113 2/10/2026
2026.2.8 99 2/8/2026
2026.2.6 96 2/6/2026
2026.2.5 100 2/5/2026
2026.2.1 106 2/1/2026
2026.1.26 118 1/26/2026
2026.1.22 104 1/22/2026
2026.1.16 103 1/16/2026
2026.1.14 107 1/14/2026
2026.1.11 110 1/11/2026
2026.1.8 109 1/8/2026
2026.1.5 117 1/5/2026
2026.1.1 120 1/1/2026
2025.12.31 109 12/30/2025
2025.12.30 118 12/30/2025
2025.12.27 122 12/27/2025
2025.12.26 170 12/26/2025
Loading failed

Initial release with referrer blocking capabilities.