How to set up a referrer whitelist with QuickNode

April 12, 2022

Overview

Security is one of the most significant aspects of developing an application. If a resource like a node falls into the hands of an unauthorized individual, they can exhaust your limits and resources. In this guide, we will see how to avoid this and learn how to set up a referrer whitelist on a QuickNode node.

What is Referrer whitelisting?

First of all, what is a referrer? In the HTTP standard the header is spelled 'Referer', a misspelling of 'referrer'. It is the part of an HTTP request that specifies the address of the web page that linked to the requested resource. Servers use referrers to identify the origin of requests.

Now, let us look at the referrer in the context of QuickNode. Assume that you're building a dApp (decentralized application) that uses your QuickNode node to interact with the blockchain. At some point, you will store the codebase of your dApp on a code hosting platform like GitHub, and your active QuickNode node URL is present in that code. If someone gets possession of this URL, they can make unauthorized calls to your node, which results in excess usage that you did not generate. This is where QuickNode's 'Referrer Whitelist' security feature comes in handy. Whitelisting a referrer restricts your node to serving only requests from a certain domain, and all other requests are rejected.

How to Set Up a Referrer Whitelist in QuickNode?

Let us have a look at how we can set up a referrer whitelist with QuickNode. First of all, you will need to boot a node. If you don't have one already, you can get a free trial node. Then go to the security section of that node.

Screenshot of QuickNode Ethereum endpoint

Now, enter the hostname/domain you want to whitelist. Enter only the domain: no 'HTTP/HTTPS' protocol prefix, no URL parts such as a fragment ('#section') or a path ('/resource'), and no user info like 'username:password'. For example, 'etherflow.quiknode.io'. Add the domain in the field below 'Referrer Whitelist' and click on 'ADD'.

Screenshot of Whitelist Referrer Section

So now, only requests to our node made directly from https://etherflow.quiknode.io/ will be served.

Let us test this!


As you can see, the node is responding completely fine on that domain now. Let us try to make a cURL call to our node.

curl https://withered-quiet-flower.bsc.network.quiknode.pro/token-goes-here/ \
  -X POST \
  -H "Content-Type: application/json" \
  --data '{"method":"eth_blockNumber","params":[],"id":1,"jsonrpc":"2.0"}'


As you can see, the node did not respond. It will only respond to the requests made by the whitelisted referrer.

Note: While using this feature, you must make sure that every request your website sends to the node has the `Referer` HTTP header set to exactly what you've whitelisted in the QuickNode UI. For example, if you've added `example.com` in the QuickNode UI, your HTTP request should have https://example.com as the `Referer` header, and if you're using the WSS endpoint, the `Origin` header must be set to exactly what you've whitelisted in the UI.
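
The exact-match rule in the note above, as an added example that is not QuickNode's own code: a small JavaScript model of a referrer whitelist that validates entries in the form the guide asks for and checks the `Referer` (HTTP) or `Origin` (WSS) host against them. The function names, the request shape and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: a model of the check, not QuickNode's own code.

// Accept a whitelist entry only in the form the guide asks for: a bare
// hostname with no scheme, user info, path, query or fragment.
// Assumption of this model: ports are not supported either.
function normalizeEntry(entry) {
  const value = entry.trim().toLowerCase();
  if (value === "" || /[\s/@#?:]/.test(value)) {
    throw new Error(`not a bare hostname: ${entry}`);
  }
  return value;
}

// Hostname of a Referer or Origin header value, or null if missing/unparsable.
function headerHost(headerValue) {
  if (!headerValue) return null;
  try {
    return new URL(headerValue).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// HTTP requests are judged on Referer, WSS handshakes on Origin. The match is
// on the whole hostname, so a lookalike that merely contains it is rejected.
function isAllowed(whitelist, request) {
  const allowed = new Set(whitelist.map(normalizeEntry));
  const name = request.transport === "wss" ? "origin" : "referer";
  const host = headerHost(request.headers[name]);
  return host !== null && allowed.has(host);
}

// Constructed sample requests (header names lower-cased, as Node.js presents them).
const WHITELIST = ["etherflow.quiknode.io"];
const SAMPLES = [
  { transport: "http", headers: { referer: "https://etherflow.quiknode.io/" } },
  { transport: "http", headers: {} }, // the bare cURL call from the guide
  { transport: "http", headers: { referer: "https://etherflow.quiknode.io.example.net/" } },
  { transport: "wss", headers: { origin: "https://etherflow.quiknode.io" } },
  { transport: "wss", headers: { referer: "https://etherflow.quiknode.io/" } },
];

function evaluateSamples() {
  return SAMPLES.map((request) => isAllowed(WHITELIST, request));
}

console.log(evaluateSamples());
```

Both headers are values the client supplies, so the whitelist works alongside the token in the node URL rather than replacing it.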

This security feature is very important to block unauthorized access to your node. Another notable security feature is the authentication token rolling feature. If you ever feel that someone has access to your node URL, that node URL can be disabled by rolling the token. This will create a new node URL, and the old one will be rendered obsolete.


Conclusion

Thanks to the ‘Referrer Whitelist’ feature, our node is now secured. Today, we learned briefly about referrers and how to set up a referrer whitelist in QuickNode.
