Request.UrlReferrer and Nortan Internet Security 2005

Has anyone had any experience with Nortan Antivirus causing problems
when trying to use Request.UrlReferrer? I am seeing in the Nortan
Antivirus log that its blocking my page from loading because of a
"Privacy" problem. I don't understand why this is happening because the
code should be compiled and run on the server and this problem is on a
client machine. The only reason that I think its the Request.UrlReferrer
is that if I comment out the lines using Request.UrlReferrer then the
page will load.

Here are some specs on the client.
Windows XP Pro SP2 (also tried SP1)
IE and Firefox
Nortan Internet Security 2005

Here is what the privacy log looks like.

------------------------------------------------------------------
5/18/2005 10:18:33 AM

Supervisor
http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1

Referer
http://server1/WS2/WSLogic/Frames.as...olnago&style=R

Private Data:
Date Time: 5/18/2005 10:18:33 AM
User: Supervisor
Action: Blocked
Type: Referer
URL: http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1
Data: http://server1/WS2/WSLogic/Frames.as...olnago&style=R
------------------------------------------------------------------

Regards,

Aaron

re: Request.UrlReferrer and Nortan Internet Security 2005

If I understand correctly, the page won't load on your client which is
running Norton AntiVirus (NAV)?

When running NAV, it strips out the referer from your request..so it isn't
sent to the web server.

If you are doing Request.UrlReferer.ToString() then you'll get a null
reference error because UrlReferer is null/nothing. You need to program
more defensively. While it's stupid that NAV blocks it, you should never
expect user input (and this is a user input, it's just automatically sent
for the user) to exist. In other words, you simply can't rely on UrlReferer
to exist, and must check for null first.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Aaron Prohaska" <mohaaron@gmail.com_No_Spam> wrote in message
news:uKbIwL9WFHA.2776@TK2MSFTNGP12.phx.gbl...[color=blue]
> Has anyone had any experience with Nortan Antivirus causing problems when
> trying to use Request.UrlReferrer? I am seeing in the Nortan Antivirus log
> that its blocking my page from loading because of a "Privacy" problem. I
> don't understand why this is happening because the code should be compiled
> and run on the server and this problem is on a client machine. The only
> reason that I think its the Request.UrlReferrer is that if I comment out
> the lines using Request.UrlReferrer then the page will load.
>
> Here are some specs on the client.
> Windows XP Pro SP2 (also tried SP1)
> IE and Firefox
> Nortan Internet Security 2005
>
> Here is what the privacy log looks like.
>
> ------------------------------------------------------------------
> 5/18/2005 10:18:33 AM
>
> Supervisor
> http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1
>
> Referer
> http://server1/WS2/WSLogic/Frames.as...olnago&style=R
>
> Private Data:
> Date Time: 5/18/2005 10:18:33 AM
> User: Supervisor
> Action: Blocked
> Type: Referer
> URL: http://server1/WS2/WSLogic/Frame.asp...&style=R&num=1
> Data: http://server1/WS2/WSLogic/Frames.as...olnago&style=R
> ------------------------------------------------------------------
>
> Regards,
>
> Aaron[/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

Karl,

I will try and re-write my code so that I don't have to use the referer.
Its a shame because it really made solving a problem a lot easier. This
means I have to start all over with code that was not easy to begin
with. Thank you for the answer though its very helpful.

Regards,

Aaron

Karl Seguin wrote:[color=blue]
> If I understand correctly, the page won't load on your client which is
> running Norton AntiVirus (NAV)?
>
> When running NAV, it strips out the referer from your request..so it isn't
> sent to the web server.
>
> If you are doing Request.UrlReferer.ToString() then you'll get a null
> reference error because UrlReferer is null/nothing. You need to program
> more defensively. While it's stupid that NAV blocks it, you should never
> expect user input (and this is a user input, it's just automatically sent
> for the user) to exist. In other words, you simply can't rely on UrlReferer
> to exist, and must check for null first.
>
> Karl
>[/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

What you should do is get in touch with Norton and give them
hell for stripping UrlReferer, which is an innocuous string which
they shouldn't be blocking.

Why simply sit and take it ?

I'd like to know what their reason for blocking it is.




Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Aaron Prohaska" <mohaaron@gmail.com_No_Spam> wrote in message
news:eRviga9WFHA.1040@TK2MSFTNGP10.phx.gbl...[color=blue]
> Karl,
>
> I will try and re-write my code so that I don't have to use the referer. Its a shame
> because it really made solving a problem a lot easier. This means I have to start all
> over with code that was not easy to begin with. Thank you for the answer though its very
> helpful.
>
> Regards,
>
> Aaron
>
> Karl Seguin wrote:[color=green]
>> If I understand correctly, the page won't load on your client which is running Norton
>> AntiVirus (NAV)?
>>
>> When running NAV, it strips out the referer from your request..so it isn't sent to the
>> web server.
>>
>> If you are doing Request.UrlReferer.ToString() then you'll get a null reference error
>> because UrlReferer is null/nothing. You need to program more defensively. While it's
>> stupid that NAV blocks it, you should never expect user input (and this is a user
>> input, it's just automatically sent for the user) to exist. In other words, you simply
>> can't rely on UrlReferer to exist, and must check for null first.
>>
>> Karl
>>[/color][/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

I see how it can, in some circumstances, be considered private information.
Remember, for every one of us who'd use it legitimitally in our
applications, there's a telemarketter who'd likely like to collect and sell
the information.

Whether you believe it's a privacy matter or not, it IS a user input and
shouldn't be relied upon. As far as I know it isn't a required header off
the http specifications and therefore good applications should be able to
live without it. If you are tracking url referrer within your own site, you
can mimic the behaviour with cookies/sessions. iT's when you want to track
users from another site that your SOL..and though there are certainly
legitimate cases of this, so to are there illegitimate ones...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Juan T. Llibre" <nomailreplies@nowhere.com> wrote in message
news:O2waJP%23WFHA.612@TK2MSFTNGP12.phx.gbl...[color=blue]
> What you should do is get in touch with Norton and give them
> hell for stripping UrlReferer, which is an innocuous string which
> they shouldn't be blocking.
>
> Why simply sit and take it ?
>
> I'd like to know what their reason for blocking it is.
>
>
>
>
> Juan T. Llibre
> ASP.NET MVP
> http://asp.net.do/foros/
> Foros de ASP.NET en Español
> Ven, y hablemos de ASP.NET...
> ======================
>
> "Aaron Prohaska" <mohaaron@gmail.com_No_Spam> wrote in message
> news:eRviga9WFHA.1040@TK2MSFTNGP10.phx.gbl...[color=green]
>> Karl,
>>
>> I will try and re-write my code so that I don't have to use the referer.
>> Its a shame because it really made solving a problem a lot easier. This
>> means I have to start all over with code that was not easy to begin with.
>> Thank you for the answer though its very helpful.
>>
>> Regards,
>>
>> Aaron
>>
>> Karl Seguin wrote:[color=darkred]
>>> If I understand correctly, the page won't load on your client which is
>>> running Norton AntiVirus (NAV)?
>>>
>>> When running NAV, it strips out the referer from your request..so it
>>> isn't sent to the web server.
>>>
>>> If you are doing Request.UrlReferer.ToString() then you'll get a null
>>> reference error because UrlReferer is null/nothing. You need to program
>>> more defensively. While it's stupid that NAV blocks it, you should
>>> never expect user input (and this is a user input, it's just
>>> automatically sent for the user) to exist. In other words, you simply
>>> can't rely on UrlReferer to exist, and must check for null first.
>>>
>>> Karl
>>>[/color][/color]
>
>[/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

I don't know, Karl.

I usually agree with you but, on this one,
we will have to agree to disagree.

Whenever Norton, or any other company, starts telling me what
my privacy concerns are, or should be, it's time to find another
provider for the services the think they're providing, which could be,
more accurately, classified as *disservices*.

At the very least, Norton should provide an *option* to strip UrlReferer,
or not, depending on whatever the client wants his policy to be.

I hate *Big Brother* forcing me to accept *his* privacy parameters.




Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
======================

"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net> wrote in message
news:u%23k4uT%23WFHA.3876@tk2msftngp13.phx.gbl...[color=blue]
>I see how it can, in some circumstances, be considered private information. Remember, for
>every one of us who'd use it legitimitally in our applications, there's a telemarketter
>who'd likely like to collect and sell the information.
>
> Whether you believe it's a privacy matter or not, it IS a user input and shouldn't be
> relied upon. As far as I know it isn't a required header off the http specifications and
> therefore good applications should be able to live without it. If you are tracking url
> referrer within your own site, you can mimic the behaviour with cookies/sessions. iT's
> when you want to track users from another site that your SOL..and though there are
> certainly legitimate cases of this, so to are there illegitimate ones...
>
> Karl
>
> --
> MY ASP.Net tutorials
> http://www.openmymind.net/ - New and Improved (yes, the popup is
> annoying)
> http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
> come!)
> "Juan T. Llibre" <nomailreplies@nowhere.com> wrote in message
> news:O2waJP%23WFHA.612@TK2MSFTNGP12.phx.gbl...[color=green]
>> What you should do is get in touch with Norton and give them
>> hell for stripping UrlReferer, which is an innocuous string which
>> they shouldn't be blocking.
>>
>> Why simply sit and take it ?
>>
>> I'd like to know what their reason for blocking it is.
>>
>>
>>
>>
>> Juan T. Llibre
>> ASP.NET MVP
>> http://asp.net.do/foros/
>> Foros de ASP.NET en Español
>> Ven, y hablemos de ASP.NET...
>> ======================
>>
>> "Aaron Prohaska" <mohaaron@gmail.com_No_Spam> wrote in message
>> news:eRviga9WFHA.1040@TK2MSFTNGP10.phx.gbl...[color=darkred]
>>> Karl,
>>>
>>> I will try and re-write my code so that I don't have to use the referer. Its a shame
>>> because it really made solving a problem a lot easier. This means I have to start all
>>> over with code that was not easy to begin with. Thank you for the answer though its
>>> very helpful.
>>>
>>> Regards,
>>>
>>> Aaron
>>>
>>> Karl Seguin wrote:
>>>> If I understand correctly, the page won't load on your client which is running Norton
>>>> AntiVirus (NAV)?
>>>>
>>>> When running NAV, it strips out the referer from your request..so it isn't sent to
>>>> the web server.
>>>>
>>>> If you are doing Request.UrlReferer.ToString() then you'll get a null reference error
>>>> because UrlReferer is null/nothing. You need to program more defensively. While
>>>> it's stupid that NAV blocks it, you should never expect user input (and this is a
>>>> user input, it's just automatically sent for the user) to exist. In other words, you
>>>> simply can't rely on UrlReferer to exist, and must check for null first.
>>>>
>>>> Karl
>>>>[/color]
>>
>>[/color]
>
>[/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

Karl,

If the referrer is striped out doesn't that mean that web site
statistics are now inaccurate as well? If anti virus manufacturers can
strip out information like the referrer what else can they pull out of
the statistics that business to to help understand what is going on with
a web site?

Aaron

Karl Seguin wrote:[color=blue]
> I see how it can, in some circumstances, be considered private information.
> Remember, for every one of us who'd use it legitimitally in our
> applications, there's a telemarketter who'd likely like to collect and sell
> the information.
>
> Whether you believe it's a privacy matter or not, it IS a user input and
> shouldn't be relied upon. As far as I know it isn't a required header off
> the http specifications and therefore good applications should be able to
> live without it. If you are tracking url referrer within your own site, you
> can mimic the behaviour with cookies/sessions. iT's when you want to track
> users from another site that your SOL..and though there are certainly
> legitimate cases of this, so to are there illegitimate ones...
>
> Karl
>[/color]

re: Request.UrlReferrer and Nortan Internet Security 2005

Well, I believe that it's an option people can turn on and off (though I
believe it strips it off by default, and many (most?) users wouldn't even
know that it's there). I just don't think that it's NAV's responsability
for helping websites track visits, so long as they don't mess up the
standard HTTP implementation.

This is a lot like google's new web accelerator
(http://webaccelerator.google.com/) which has the potential to really screw
up statistics. But as far as I'm concerned, it isn't google's job (or the
users) to help you collect usage statistics. I agree, as a developer that
it kinda sucks, but that's life on the digital frontier. Should we dislike
routers/proxies because they don't provide us the user's real IP address?
Or dynamic IPs addresses? Their upsides and downsides....

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Aaron Prohaska" <mohaaron@gmail.com_No_Spam> wrote in message
news:eFy$kTAXFHA.3532@TK2MSFTNGP10.phx.gbl...[color=blue]
> Karl,
>
> If the referrer is striped out doesn't that mean that web site statistics
> are now inaccurate as well? If anti virus manufacturers can strip out
> information like the referrer what else can they pull out of the
> statistics that business to to help understand what is going on with a web
> site?
>
> Aaron
>
> Karl Seguin wrote:[color=green]
>> I see how it can, in some circumstances, be considered private
>> information. Remember, for every one of us who'd use it legitimitally in
>> our applications, there's a telemarketter who'd likely like to collect
>> and sell the information.
>>
>> Whether you believe it's a privacy matter or not, it IS a user input and
>> shouldn't be relied upon. As far as I know it isn't a required header off
>> the http specifications and therefore good applications should be able to
>> live without it. If you are tracking url referrer within your own site,
>> you can mimic the behaviour with cookies/sessions. iT's when you want to
>> track users from another site that your SOL..and though there are
>> certainly legitimate cases of this, so to are there illegitimate ones...
>>
>> Karl
>>[/color][/color]