Request.UrlReferrer and Nortan Internet Security 2005

A

Aaron Prohaska

Has anyone had any experience with Nortan Antivirus causing problems
when trying to use Request.UrlReferrer? I am seeing in the Nortan
Antivirus log that its blocking my page from loading because of a
"Privacy" problem. I don't understand why this is happening because the
code should be compiled and run on the server and this problem is on a
client machine. The only reason that I think its the Request.UrlReferrer
is that if I comment out the lines using Request.UrlReferrer then the
page will load.

Here are some specs on the client.
Windows XP Pro SP2 (also tried SP1)
IE and Firefox
Nortan Internet Security 2005

Here is what the privacy log looks like.

------------------------------------------------------------------
5/18/2005 10:18:33 AM

Supervisor
http://server1/WS2/WSLogic/Frame.aspx?company=Colnago&style=R&num=1

Referer
http://server1/WS2/WSLogic/Frames.aspx?company=Colnago&style=R

Private Data:
Date Time: 5/18/2005 10:18:33 AM
User: Supervisor
Action: Blocked
Type: Referer
URL: http://server1/WS2/WSLogic/Frame.aspx?company=Colnago&style=R&num=1
Data: http://server1/WS2/WSLogic/Frames.aspx?company=Colnago&style=R
 
K

Karl Seguin

If I understand correctly, the page won't load on your client which is
running Norton AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't
sent to the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null
reference error because UrlReferer is null/nothing. You need to program
more defensively. While it's stupid that NAV blocks it, you should never
expect user input (and this is a user input, it's just automatically sent
for the user) to exist. In other words, you simply can't rely on UrlReferer
to exist, and must check for null first.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
 
A

Aaron Prohaska

Karl,

I will try and re-write my code so that I don't have to use the referer.
Its a shame because it really made solving a problem a lot easier. This
means I have to start all over with code that was not easy to begin
with. Thank you for the answer though its very helpful.

Regards,

Aaron
 
J

Juan T. Llibre

What you should do is get in touch with Norton and give them
hell for stripping UrlReferer, which is an innocuous string which
they shouldn't be blocking.

Why simply sit and take it ?

I'd like to know what their reason for blocking it is.
 
K

Karl Seguin

I see how it can, in some circumstances, be considered private information.
Remember, for every one of us who'd use it legitimitally in our
applications, there's a telemarketter who'd likely like to collect and sell
the information.

Whether you believe it's a privacy matter or not, it IS a user input and
shouldn't be relied upon. As far as I know it isn't a required header off
the http specifications and therefore good applications should be able to
live without it. If you are tracking url referrer within your own site, you
can mimic the behaviour with cookies/sessions. iT's when you want to track
users from another site that your SOL..and though there are certainly
legitimate cases of this, so to are there illegitimate ones...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
 
J

Juan T. Llibre

I don't know, Karl.

I usually agree with you but, on this one,
we will have to agree to disagree.

Whenever Norton, or any other company, starts telling me what
my privacy concerns are, or should be, it's time to find another
provider for the services the think they're providing, which could be,
more accurately, classified as *disservices*.

At the very least, Norton should provide an *option* to strip UrlReferer,
or not, depending on whatever the client wants his policy to be.

I hate *Big Brother* forcing me to accept *his* privacy parameters.
 
A

Aaron Prohaska

Karl,

If the referrer is striped out doesn't that mean that web site
statistics are now inaccurate as well? If anti virus manufacturers can
strip out information like the referrer what else can they pull out of
the statistics that business to to help understand what is going on with
a web site?

Aaron
 
K

Karl Seguin

Well, I believe that it's an option people can turn on and off (though I
believe it strips it off by default, and many (most?) users wouldn't even
know that it's there). I just don't think that it's NAV's responsability
for helping websites track visits, so long as they don't mess up the
standard HTTP implementation.

This is a lot like google's new web accelerator
(http://webaccelerator.google.com/) which has the potential to really screw
up statistics. But as far as I'm concerned, it isn't google's job (or the
users) to help you collect usage statistics. I agree, as a developer that
it kinda sucks, but that's life on the digital frontier. Should we dislike
routers/proxies because they don't provide us the user's real IP address?
Or dynamic IPs addresses? Their upsides and downsides....

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top