ReferrerBlock 2026.2.28

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package ReferrerBlock --version 2026.2.28
                    


                    

                
NuGet\Install-Package ReferrerBlock -Version 2026.2.28
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="ReferrerBlock" Version="2026.2.28" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="ReferrerBlock" Version="2026.2.28" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="ReferrerBlock" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add ReferrerBlock --version 2026.2.28
                    


                    

                
#r "nuget: ReferrerBlock, 2026.2.28"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package ReferrerBlock@2026.2.28
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=ReferrerBlock&version=2026.2.28
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=ReferrerBlock&version=2026.2.28
                    


                            Install as a Cake Tool

ReferrerBlock

ReferrerBlock

NuGet BlazorWinOld Nuget Package License: MIT

ReferrerBlock middleware to block referrer spam and malicious traffic.

โš™๏ธ Usage

var builder = WebApplication.CreateBuilder(args); var app = builder.Build();

app.UseReferrerBlock();

app.Run();

The middleware uses default blocking rules. Optionally, you can customize them:

app.UseReferrerBlock(options => { 
    options.BlockedDomains.Add("spam-site.com"); 
    options.BlockedTLDs.Add(".suspicious"); 
    options.BlockedPatterns.Add("malicious");
    options.BlockedSubdomainPrefixes.Add("spam");
    });

๐Ÿ“ Examples

Disable default TLD blocking

app.UseReferrerBlock(options => 
{ 
    options.BlockedTLDs.Clear(); // Remove all default TLDs
    options.BlockedDomains.Add("spam-site.com"); 
});

Use only custom rules

app.UseReferrerBlock(options => 
{ 
    // Clear all default rules
    options.BlockedTLDs.Clear();
    options.BlockedDomains.Clear();
    options.BlockedPatterns.Clear();
    options.BlockedSubdomainPrefixes.Clear();
    
    // Add only your custom rules
    options.BlockedDomains.Add("spam-site.com");
    options.BlockedDomains.Add("malicious-domain.com");
    options.BlockedTLDs.Add(".scam");
    options.BlockedPatterns.Add("suspicious");
    options.BlockedSubdomainPrefixes.Add("bot");
});

Combine default rules with custom ones

app.UseReferrerBlock(options => 
{ 
    // Keep default rules and add custom ones
    options.BlockedDomains.Add("spam-site.com"); 
    options.BlockedTLDs.Add(".suspicious"); 
    options.BlockedPatterns.Add("malicious");
    options.BlockedSubdomainPrefixes.Add("bot");
});

Block subdomain prefixes with numeric variations

The BlockedSubdomainPrefixes option allows you to block subdomains that start with a specific prefix followed by optional digits.

app.UseReferrerBlock(options => 
{ 
    // Block subdomains like: iqri., iqri1., iqri18., hk., hk1., hk12., etc.
    options.BlockedSubdomainPrefixes.Add("iqri");
    options.BlockedSubdomainPrefixes.Add("hk");
    options.BlockedSubdomainPrefixes.Add("spam");
});

This will block referrers like:

  • iqri.example.com โœ… blocked
  • iqri1.spammer.net โœ… blocked
  • iqri18.malicious.org โœ… blocked
  • hk12.badsite.com โœ… blocked

But will NOT block:

  • iqri1x.example.com โŒ not blocked (has letters after digits)
  • myiqri1.example.com โŒ not blocked (prefix not at start)
  • iqrisite.com โŒ not blocked (in domain name, not subdomain)

Block domains with wildcard patterns

The BlockedWildcardPatterns option allows you to block domains using wildcard patterns where * matches any characters.

app.UseReferrerBlock(options => 
{ 
    // Block patterns like: *crmsoftware*.com, sdk*freegame.top
    options.BlockedWildcardPatterns.Add("*crmsoftware*.com");
    options.BlockedWildcardPatterns.Add("sdk*freegame.top");
    options.BlockedWildcardPatterns.Add("*spam*.net");
});

Examples of what gets blocked:

  • *crmsoftware*.com blocks:

    • crmsoftwareedge.com โœ… blocked
    • crmsoftwarefocus.com โœ… blocked
    • mycrmsoftwarehub.com โœ… blocked
    • testcrmsoftware.com โœ… blocked
    • But NOT crmsoftwareedge.net โŒ (different TLD)

  • sdk*freegame.top blocks:

    • sdk0freegame.top โœ… blocked
    • sdk3freegame.top โœ… blocked
    • sdk7freegame.top โœ… blocked
    • sdkanyfreegame.top โœ… blocked
    • But NOT sdkfreegame.com โŒ (different TLD)

  • *spam*.net blocks:

    • spam.net โœ… blocked
    • myspamsite.net โœ… blocked
    • spamnetwork.net โœ… blocked
    • test-spam-tools.net โœ… blocked

Why use wildcard patterns instead of simple patterns?

  • Simple patterns (BlockedPatterns) use Contains() and match anywhere in any TLD
  • Wildcard patterns give you precise control with specific TLD requirements
  • Example: "crmsoftware" in BlockedPatterns would block ALL TLDs (.com, .net, .org, etc.)
  • Example: "*crmsoftware*.com" in BlockedWildcardPatterns blocks ONLY .com domains

๐Ÿš€ Performance

The middleware is optimized for high-performance scenarios using ReadOnlySpan<char> instead of traditional Uri parsing, resulting in minimal memory allocations.

Benchmark Results

BenchmarkDotNet v0.15.8, Windows 11, Intel Core i9-9900K CPU 3.60GHz
.NET 9.0.12, X64 RyuJIT x86-64-v3
Method Mean Allocated Improvement
โœ… Optimized (Span) 1.243 ยตs 704 B Baseline
โŒ Original (Uri) 6.892 ยตs 9,952 B -
Metric Gain
Speed 5.5x faster
Memory 14x less allocations

Run benchmarks yourself:

cd benchmarks/AspNetCore.ReferrerBlock.Benchmarks
dotnet run -c Release

๐Ÿ“Š Blocked Domains

See BLOCKED_DOMAINS.md for the complete list of blocked domains, TLDs, and patterns with their addition history.

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net10.0

    • No dependencies.

  • net9.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2026.2.28 94 2/28/2026
2026.2.15 102 2/15/2026
2026.2.10 109 2/10/2026
2026.2.8 95 2/8/2026
2026.2.6 93 2/6/2026
2026.2.5 97 2/5/2026
2026.2.1 102 2/1/2026
2026.1.26 116 1/26/2026
2026.1.22 101 1/22/2026
2026.1.16 99 1/16/2026
2026.1.14 103 1/14/2026
2026.1.11 106 1/11/2026
2026.1.8 105 1/8/2026
2026.1.5 113 1/5/2026
2026.1.1 112 1/1/2026
2025.12.31 101 12/30/2025
2025.12.30 109 12/30/2025
2025.12.27 117 12/27/2025
2025.12.26 162 12/26/2025
2025.12.22 201 12/23/2025
Loading failed

Initial release with referrer blocking capabilities.