How to Set Up a Referrer Whitelist with QuickNode

Updated on Dec 11, 2023

Overview

Security is one of the most significant aspects of developing an application. If a resource like a node falls into the hands of an unauthorized individual, they can exhaust your limits and resources. In this guide, we will see how to avoid this and learn how to set up a referrer whitelist on a QuickNode node.

What is Referrer whitelisting?

First of all, let us understand what a referrer is. The word is misspelled as 'referer' in the HTTP standard, so the header is named `Referer`. It is the part of the HTTP request that specifies the address of the web page from which a resource was requested, usually the page that linked to it. Using referrers, servers identify the origin of requests.

Now, let us understand the referrer in the context of using QuickNode. Let us assume that you're building a dApp (decentralized application) that uses your QuickNode node to interact with the blockchain. At some point, you will need to store the codebase of your dApp on a code hosting platform like GitHub. At that point your codebase is hosted on GitHub, and your active QuickNode node URL is present in the code. If someone gets possession of this URL, they can make unauthorized calls to your node, which results in excess usage that is not yours. In such cases the 'Referrer Whitelist' security feature of QuickNode comes in handy. Whitelisting a referrer restricts your node to serving only requests that come from a certain domain; all other requests are rejected.

How to Set Up a Referrer in QuickNode?

Let us have a look at how we can set up a referrer whitelist with QuickNode. First of all, you will need access to a node. If you don't have it already, you can easily sign up with a free QuickNode account here, set up an endpoint, then visit the security section for that endpoint.

Screenshot of QuickNode Ethereum endpoint

Now, enter the hostname/domain you want to whitelist, without extra URL parts such as a fragment ('#section'), a path ('/resource'), or user info ('username:password'). Enter only the domain, without the 'HTTP/HTTPS' protocol. For example, 'etherflow.quiknode.io'. Add the domain in the field below 'Referrer Whitelist' and click on 'ADD'.

Screenshot of Whitelist Referrer Section

So now, only the requests to our node made directly from https://etherflow.quiknode.io/ will be served. 

Let us test this!

As you can see, the node is responding completely fine on that domain now. Let us try to make a cURL call to our node.

As you can see, the node did not respond. It will only respond to the requests made by the whitelisted referrer.

Note: While using this feature, you must make sure that all the requests your website sends to the node have the `Referer` HTTP header set exactly to what you've whitelisted in the QuickNode UI. For example, if you've added `example.com` in the QuickNode UI, your HTTP request should have https://example.com as the `Referer` header, and if you're using the WSS endpoint, the `Origin` header must be set to exactly what you've whitelisted in the UI.
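The entry rules from the setup step and the header requirement from the note above can be checked before you deploy. The following is an added example, not QuickNode code: the function names and sample values are hypothetical, and comparing the header's hostname to the entry is an assumption about how the match is made, since the guide only says the values must match exactly.

```javascript
// Added example: pre-deployment checks for a referrer whitelist entry.
// Function names are illustrative; this is not a QuickNode API.

const SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

// List what must be removed from a value before typing it into the
// 'Referrer Whitelist' field (protocol, user info, path, fragment).
function checkWhitelistEntry(entry) {
  const problems = [];
  if (SCHEME.test(entry)) problems.push('remove the protocol');
  const rest = entry.replace(SCHEME, '');
  if (rest.includes('@')) problems.push('remove user info');
  if (rest.includes('/')) problems.push('remove the path');
  if (rest.includes('#')) problems.push('remove the fragment');
  return problems;
}

// Reduce a pasted URL to the bare hostname the field expects.
// URL.hostname drops the protocol, user info, port, path and fragment.
function toWhitelistEntry(pasted) {
  const withScheme = SCHEME.test(pasted) ? pasted : `https://${pasted}`;
  return new URL(withScheme).hostname;
}

// Check the Referer (HTTPS) or Origin (WSS) value a client will send
// against the whitelisted entry. Assumption: hostnames are compared.
function headerMatchesEntry(headerValue, entry) {
  if (!headerValue) return false; // header absent, e.g. a plain cURL call
  try {
    return new URL(headerValue).hostname === entry.toLowerCase();
  } catch {
    return false; // value is not a URL at all
  }
}

// Constructed sample values for a stand-alone run.
const pasted = 'https://username:password@etherflow.quiknode.io/resource#section';
console.log(checkWhitelistEntry(pasted));
console.log(toWhitelistEntry(pasted)); // etherflow.quiknode.io
console.log(headerMatchesEntry('https://example.com', 'example.com')); // true
```

In a browser, a `Referrer-Policy` of `no-referrer` on your site removes the `Referer` header entirely, which corresponds to the `false` branch for a missing header here.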

This security feature is very important to block unauthorized access to your node. Another notable security feature is the authentication token rolling feature. If you ever feel that someone has access to your node URL, that node URL can be disabled by rolling the token. This will create a new node URL, and the old one will be rendered obsolete.

Conclusion

Thanks to the ‘Referrer Whitelist’ feature, our node is now secured. Today, we briefly learned what a referrer is and how to set up a referrer whitelist in QuickNode.

Subscribe to our newsletter for more articles and guides on Ethereum. If you have any feedback, feel free to reach out to us via Twitter. You can always chat with us on our Discord community server, featuring some of the coolest developers you’ll ever meet :)