473,324 Members | 2,002 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Request.UrlReferrer and Nortan Internet Security 2005

Has anyone had any experience with Nortan Antivirus causing problems
when trying to use Request.UrlReferrer? I am seeing in the Nortan
Antivirus log that its blocking my page from loading because of a
"Privacy" problem. I don't understand why this is happening because the
code should be compiled and run on the server and this problem is on a
client machine. The only reason that I think its the Request.UrlReferrer
is that if I comment out the lines using Request.UrlReferrer then the
page will load.

Here are some specs on the client.
Windows XP Pro SP2 (also tried SP1)
IE and Firefox
Nortan Internet Security 2005

Here is what the privacy log looks like.

------------------------------------------------------------------
5/18/2005 10:18:33 AM

Supervisor
http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1

Referer
http://server1/WS2/WSLogic/Frames.as...olnago&style=R

Private Data:
Date Time: 5/18/2005 10:18:33 AM
User: Supervisor
Action: Blocked
Type: Referer
URL: http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1
Data: http://server1/WS2/WSLogic/Frames.as...olnago&style=R
------------------------------------------------------------------

Regards,

Aaron
Nov 19 '05 #1
7 10731
If I understand correctly, the page won't load on your client which is
running Norton AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't
sent to the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null
reference error because UrlReferer is null/nothing. You need to program
more defensively. While it's stupid that NAV blocks it, you should never
expect user input (and this is a user input, it's just automatically sent
for the user) to exist. In other words, you simply can't rely on UrlReferer
to exist, and must check for null first.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Aaron Prohaska" <mo******@gmail.com_No_Spam> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
Has anyone had any experience with Nortan Antivirus causing problems when
trying to use Request.UrlReferrer? I am seeing in the Nortan Antivirus log
that its blocking my page from loading because of a "Privacy" problem. I
don't understand why this is happening because the code should be compiled
and run on the server and this problem is on a client machine. The only
reason that I think its the Request.UrlReferrer is that if I comment out
the lines using Request.UrlReferrer then the page will load.

Here are some specs on the client.
Windows XP Pro SP2 (also tried SP1)
IE and Firefox
Nortan Internet Security 2005

Here is what the privacy log looks like.

------------------------------------------------------------------
5/18/2005 10:18:33 AM

Supervisor
http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1

Referer
http://server1/WS2/WSLogic/Frames.as...olnago&style=R

Private Data:
Date Time: 5/18/2005 10:18:33 AM
User: Supervisor
Action: Blocked
Type: Referer
URL: http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1
Data: http://server1/WS2/WSLogic/Frames.as...olnago&style=R
------------------------------------------------------------------

Regards,

Aaron

Nov 19 '05 #2
Karl,

I will try and re-write my code so that I don't have to use the referer.
Its a shame because it really made solving a problem a lot easier. This
means I have to start all over with code that was not easy to begin
with. Thank you for the answer though its very helpful.

Regards,

Aaron

Karl Seguin wrote:
If I understand correctly, the page won't load on your client which is
running Norton AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't
sent to the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null
reference error because UrlReferer is null/nothing. You need to program
more defensively. While it's stupid that NAV blocks it, you should never
expect user input (and this is a user input, it's just automatically sent
for the user) to exist. In other words, you simply can't rely on UrlReferer
to exist, and must check for null first.

Karl

Nov 19 '05 #3
What you should do is get in touch with Norton and give them
hell for stripping UrlReferer, which is an innocuous string which
they shouldn't be blocking.

Why simply sit and take it ?

I'd like to know what their reason for blocking it is.


Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Aaron Prohaska" <mo******@gmail.com_No_Spam> wrote in message
news:eR**************@TK2MSFTNGP10.phx.gbl...
Karl,

I will try and re-write my code so that I don't have to use the referer. Its a shame
because it really made solving a problem a lot easier. This means I have to start all
over with code that was not easy to begin with. Thank you for the answer though its very
helpful.

Regards,

Aaron

Karl Seguin wrote:
If I understand correctly, the page won't load on your client which is running Norton
AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't sent to the
web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null reference error
because UrlReferer is null/nothing. You need to program more defensively. While it's
stupid that NAV blocks it, you should never expect user input (and this is a user
input, it's just automatically sent for the user) to exist. In other words, you simply
can't rely on UrlReferer to exist, and must check for null first.

Karl

Nov 19 '05 #4
I see how it can, in some circumstances, be considered private information.
Remember, for every one of us who'd use it legitimitally in our
applications, there's a telemarketter who'd likely like to collect and sell
the information.

Whether you believe it's a privacy matter or not, it IS a user input and
shouldn't be relied upon. As far as I know it isn't a required header off
the http specifications and therefore good applications should be able to
live without it. If you are tracking url referrer within your own site, you
can mimic the behaviour with cookies/sessions. iT's when you want to track
users from another site that your SOL..and though there are certainly
legitimate cases of this, so to are there illegitimate ones...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:O2***************@TK2MSFTNGP12.phx.gbl...
What you should do is get in touch with Norton and give them
hell for stripping UrlReferer, which is an innocuous string which
they shouldn't be blocking.

Why simply sit and take it ?

I'd like to know what their reason for blocking it is.


Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Aaron Prohaska" <mo******@gmail.com_No_Spam> wrote in message
news:eR**************@TK2MSFTNGP10.phx.gbl...
Karl,

I will try and re-write my code so that I don't have to use the referer.
Its a shame because it really made solving a problem a lot easier. This
means I have to start all over with code that was not easy to begin with.
Thank you for the answer though its very helpful.

Regards,

Aaron

Karl Seguin wrote:
If I understand correctly, the page won't load on your client which is
running Norton AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it
isn't sent to the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null
reference error because UrlReferer is null/nothing. You need to program
more defensively. While it's stupid that NAV blocks it, you should
never expect user input (and this is a user input, it's just
automatically sent for the user) to exist. In other words, you simply
can't rely on UrlReferer to exist, and must check for null first.

Karl


Nov 19 '05 #5
I don't know, Karl.

I usually agree with you but, on this one,
we will have to agree to disagree.

Whenever Norton, or any other company, starts telling me what
my privacy concerns are, or should be, it's time to find another
provider for the services the think they're providing, which could be,
more accurately, classified as *disservices*.

At the very least, Norton should provide an *option* to strip UrlReferer,
or not, depending on whatever the client wants his policy to be.

I hate *Big Brother* forcing me to accept *his* privacy parameters.


Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net> wrote in message
news:u%******************@tk2msftngp13.phx.gbl...
I see how it can, in some circumstances, be considered private information. Remember, for
every one of us who'd use it legitimitally in our applications, there's a telemarketter
who'd likely like to collect and sell the information.

Whether you believe it's a privacy matter or not, it IS a user input and shouldn't be
relied upon. As far as I know it isn't a required header off the http specifications and
therefore good applications should be able to live without it. If you are tracking url
referrer within your own site, you can mimic the behaviour with cookies/sessions. iT's
when you want to track users from another site that your SOL..and though there are
certainly legitimate cases of this, so to are there illegitimate ones...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:O2***************@TK2MSFTNGP12.phx.gbl...
What you should do is get in touch with Norton and give them
hell for stripping UrlReferer, which is an innocuous string which
they shouldn't be blocking.

Why simply sit and take it ?

I'd like to know what their reason for blocking it is.


Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Aaron Prohaska" <mo******@gmail.com_No_Spam> wrote in message
news:eR**************@TK2MSFTNGP10.phx.gbl...
Karl,

I will try and re-write my code so that I don't have to use the referer. Its a shame
because it really made solving a problem a lot easier. This means I have to start all
over with code that was not easy to begin with. Thank you for the answer though its
very helpful.

Regards,

Aaron

Karl Seguin wrote:
If I understand correctly, the page won't load on your client which is running Norton
AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't sent to
the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null reference error
because UrlReferer is null/nothing. You need to program more defensively. While
it's stupid that NAV blocks it, you should never expect user input (and this is a
user input, it's just automatically sent for the user) to exist. In other words, you
simply can't rely on UrlReferer to exist, and must check for null first.

Karl



Nov 19 '05 #6
Karl,

If the referrer is striped out doesn't that mean that web site
statistics are now inaccurate as well? If anti virus manufacturers can
strip out information like the referrer what else can they pull out of
the statistics that business to to help understand what is going on with
a web site?

Aaron

Karl Seguin wrote:
I see how it can, in some circumstances, be considered private information.
Remember, for every one of us who'd use it legitimitally in our
applications, there's a telemarketter who'd likely like to collect and sell
the information.

Whether you believe it's a privacy matter or not, it IS a user input and
shouldn't be relied upon. As far as I know it isn't a required header off
the http specifications and therefore good applications should be able to
live without it. If you are tracking url referrer within your own site, you
can mimic the behaviour with cookies/sessions. iT's when you want to track
users from another site that your SOL..and though there are certainly
legitimate cases of this, so to are there illegitimate ones...

Karl

Nov 19 '05 #7
Well, I believe that it's an option people can turn on and off (though I
believe it strips it off by default, and many (most?) users wouldn't even
know that it's there). I just don't think that it's NAV's responsability
for helping websites track visits, so long as they don't mess up the
standard HTTP implementation.

This is a lot like google's new web accelerator
(http://webaccelerator.google.com/) which has the potential to really screw
up statistics. But as far as I'm concerned, it isn't google's job (or the
users) to help you collect usage statistics. I agree, as a developer that
it kinda sucks, but that's life on the digital frontier. Should we dislike
routers/proxies because they don't provide us the user's real IP address?
Or dynamic IPs addresses? Their upsides and downsides....

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Aaron Prohaska" <mo******@gmail.com_No_Spam> wrote in message
news:eF**************@TK2MSFTNGP10.phx.gbl...
Karl,

If the referrer is striped out doesn't that mean that web site statistics
are now inaccurate as well? If anti virus manufacturers can strip out
information like the referrer what else can they pull out of the
statistics that business to to help understand what is going on with a web
site?

Aaron

Karl Seguin wrote:
I see how it can, in some circumstances, be considered private
information. Remember, for every one of us who'd use it legitimitally in
our applications, there's a telemarketter who'd likely like to collect
and sell the information.

Whether you believe it's a privacy matter or not, it IS a user input and
shouldn't be relied upon. As far as I know it isn't a required header off
the http specifications and therefore good applications should be able to
live without it. If you are tracking url referrer within your own site,
you can mimic the behaviour with cookies/sessions. iT's when you want to
track users from another site that your SOL..and though there are
certainly legitimate cases of this, so to are there illegitimate ones...

Karl

Nov 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: TC | last post by:
Hello All, I have recently had the pleasure of installing Norton Internet Security 2005 and finding that I can no longer create or open a web-based application in Visual Studio .Net. The IDE...
9
by: =?Utf-8?B?b2xkbWFu?= | last post by:
I m using a Packard Bell Easy Note MV preloaded with Windows XP HE with SP2 and NIS 2005 . I have to uninstal the NIS because everytime I am online (via WIFI) NIS keeps poping up with messages for...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.