🚪
Web block
Used when the request itself is suspicious enough to stop immediately, for example burst attacks, blocked ranges or clear bot reasons.
Technical architecture
Server-side fraud prevention designed around real advertising traffic.
The system does not rely only on JavaScript, cookies or platform reports. It reads the incoming request, scores it, records evidence and blocks suspicious traffic at the web edge.
Architecture
A practical protection layer.
- PHP protection file runs early in the request lifecycle.
- Paid traffic is identified by ad parameters and suffix markers.
- Runtime state tracks burst attempts, IP counters and replay history.
- Range incident memory groups IPv4 /24 and IPv6 /64 behavior.
- Blacklist API exposes active blocks and Ads-only ranges.
- Google Apps Script can sync ranges into Google Ads IP exclusions.
request ↓ paid traffic detection ↓ burst + replay + geo + datacenter + crawler checks ↓ decision: pass / 404 block / range escalate ↓ logs + blacklist + API export ↓ Google Ads exclusion sync
Separation of actions
Web blocking and ad exclusion are not the same thing.
Click Fraud Block can be strict against paid traffic while staying safer for normal website visitors. The system distinguishes between an immediate web block and a temporary Ads-only exclusion.
📣
Ads-only exclusion
Used to stop showing ads to suspicious ranges without necessarily blocking the entire website for that network.
⏳
TTL-based cleanup
Temporary ad exclusions can expire automatically when no fresh evidence is seen, keeping the Google Ads exclusion list cleaner.
Current policy example
Designed for stronger Google Ads filtering.
A typical public setup can show a 30-day range memory and a 30-day operational view, while keeping detailed paid-event logs for longer audit review.
- Google Ads qz/v markers are counted as clean current paid signals.
- Old legacy parameters are not blindly replayed into new Ads-only decisions.
- IPv6 is handled at /64, avoiding broad /32 blocking.
- Individual IP evidence remains available in paid-event logs.
| Component | Example value |
|---|---|
| Ads-only detection window | 30 days |
| Ads-only TTL | 30 days |
| Paid event audit | 180 days |
| IPv4 range | /24 |
| IPv6 range | /64 |
| Crawler logic | Verified infrastructure is separated from human clicks. |
Turn server logs into protection.
Every suspicious paid hit can become evidence for a smarter blocking decision.