Documentation Commerce Commerce on Cloud Guide

Block referral spam

Last update: May 14, 2026

CREATED FOR:

Admin
Developer

The following example shows how to configure Fastly Edge Dictionary with a custom VCL snippet to block referral spam from your Adobe Commerce on cloud infrastructure site.

NOTE

We recommend adding custom VCL configurations to a Staging environment where you can test them before running them against the Production environment.

Prerequisites:

Seu ambiente deve ser configurado para usar o Fastly CDN. Consulte Configurar serviços do Fastly.
Verifique se você está executando a versão mais recente do módulo CDN Fastly para o Magento 2. Consulte Atualizar o Módulo Fastly.
Verifique a configuração do ambiente para o serviço Fastly. Consulte Verificar cache rápido.
Você deve ter credenciais de Administrador para acessar os ambientes de Preparo e Produção.
Review your site logs for fake referral URLs, and make a list of domains to block.

Create a referrer blocklist

Edge Dictionaries create key-value pairs accessible to VCL functions during VCL snippet processing. In this example, you create an edge dictionary that provides the list of referrer websites to block.

Log in to the Admin.
Click Stores > Settings > Configuration > Advanced > System.
Expand Full Page Cache > Fastly Configuration > Edge dictionaries.
Create the Dictionary container:
- Click Add container.
- On the Container page, enter a Dictionary name—referrer_blocklist.
- Select Activate after the change to deploy your changes to the version of the Fastly service configuration that you are editing.
- Click Upload to attach the dictionary to your Fastly service configuration.
Add the list of domain names to block to the referrer_blocklist dictionary:
- Click the Settings icon for the referrer_blocklist dictionary.
- Add and save key-value pairs in the new dictionary. For this example, each Key is the domain name of a referrer URL to block and Value is true.
- Click Cancel to return to the system configuration page.
Click Save Config.
Refresh the cache according to the notification at the top of the page.

For more information about Edge Dictionaries, see Creating and using Edge Dictionaries and custom VCL snippets in the Fastly documentation.

Create a custom VCL snippet to block referrer spam

The following custom VCL snippet code (JSON format) shows the logic to check and block requests. The VCL snippet captures the host of a referrer website into a header, and then compares the host name to the list of URLs in the referrer_blocklist dictionary. If the host name matches, the request is blocked with a 403 Forbidden error.

{
  "name": "block_bad_referrer",
  "dynamic": "0",
  "type": "recv",
  "priority": "5",
  "content": "if (req.http.Referer ~ \"^(.*:)//([A-Za-z0-9\-\.]+)(:[0-9]+)?(.*)$\") {set req.http.Referer-Host = re.group.2;}if (table.lookup(referrer_blocklist, req.http.Referer-Host)) {error 403 \"Forbidden\";}"
}

Before creating a snippet based on this example, review the values to determine whether you need to make any changes:

name — Name for the VCL snippet. For this example, we used block_bad_referrer.
dynamic — Value 0 indicates a regular snippet to upload to the versioned VCL for the Fastly configuration.
priority — Determines when the VCL snippet runs. The priority is 5 to run this snippet code before any of the default Magento VCL snippets (magentomodule_*) assigned a priority of 50. Set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Snippets with lower priority numbers run first.
type — Specifies a location to insert the snippet in the VCL version. In this example, the VCL snippet is a recv snippet. When the snippet is inserted into the VCL version, it is added to the vcl_recv subroutine, below the default Fastly VCL code and above any objects.
content — The snippet of VCL code to run in one line, without line breaks.

After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration:

Add the custom VCL snippet from the Admin. This method is recommended if you can access the Admin. (Requires Fastly version 1.2.58 or later.)
Save the JSON code example to a file (for example, allowlist.json) and upload it using the Fastly API. Use this method if you cannot access the Admin.

Add the custom VCL snippet

Log in to the Admin.
Click Stores > Settings > Configuration > Advanced > System.
Expand Full Page Cache > Fastly Configuration > Custom VCL Snippets.
Click Create Custom Snippet.

Add the VCL snippet values:

Name — block_bad_referrer
Type — recv
Priority — 5

VCL snippet content —

code language-conf

code language-conf
`if (req.http.Referer ~ "^(.:)//([A-Za-z0-9\-\.]+)(:[0-9]+)?(.)$") { set req.http.Referer-Host = re.group.2; } if (table.lookup(referrer_blocklist, req.http.Referer-Host)) { error 403 "Forbidden"; }`

if (req.http.Referer ~ "^(.*:)//([A-Za-z0-9\-\.]+)(:[0-9]+)?(.*)$") {
  set req.http.Referer-Host = re.group.2;
}
if (table.lookup(referrer_blocklist, req.http.Referer-Host)) {
  error 403 "Forbidden";
}

Click Create.
After the page reloads, click Upload VCL to Fastly in the Fastly Configuration section.
After the upload completes, refresh the cache according to the notification at the top of the page.

Fastly validates the updated VCL version during the upload process. If the validation fails, edit your custom VCL snippet to fix any issues. Then, upload the VCL again.

NOTE

Instead of manually uploading custom VCL snippets, you can add snippets to the $MAGENTO_CLOUD_APP_DIR/var/vcl_snippets_custom directory in your environment. Snippets in this directory upload automatically when you click upload VCL to Fastly in the Commerce Admin. See Automated custom VCL snippets deployment in the Fastly CDN module for Magento 2 documentation.

Modificar o trecho de VCL personalizado

Faça logon no Administrador.
Clique em Lojas > Configurações > Configuração > Avançadas > Sistema.
Expanda Cache de Página Inteira > Configuração Rápida > Trechos de VCL Personalizados.
Na coluna Ação, clique no ícone de configurações ao lado do trecho a ser editado.
Depois que a página for recarregada, clique em Carregar VCL para Fastly na seção Configuração Fastly.
Depois que o upload for concluído, atualize o cache de acordo com a notificação na parte superior da página.

WARNING

A opção Custom VCL snippets UI mostra apenas os trechos adicionados pelo Administrador do Adobe Commerce. Se você adicionar trechos usando a API Fastly, use a API para gerenciá-los.

Excluir o trecho de VCL personalizado

Faça logon no Administrador.
Clique em Lojas > Configurações > Configuração > Avançadas > Sistema.
Expanda Cache de Página Inteira > Configuração Rápida > Trechos de VCL Personalizados.
Na coluna Ação, clique no ícone de lixeira ao lado do trecho a ser excluído.
Na próxima janela modal, clique em DELETE e ative uma nova versão.

WARNING

A opção Custom VCL snippets UI mostra apenas os trechos adicionados pelo Administrador do Adobe Commerce. Se você adicionar trechos usando a API Fastly, use a API para gerenciá-los.

recommendation-more-help

commerce-on-cloud-help-cloud-guide