Htaccess / Norton question


#1

I’ve managed to add a .htaccess file that manages to keep ~80% of users from seeing hotlinked files. In trying some test posts on some friends via a blog hosted elsewhere I’ve discovered the 20% that view the correct image file instead of the redirect are using Norton security. This is apparently due to whatever Norton does with the HTTP_REFERER lines (I’m no genius with this) from my research.

This is the file I’m using:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?viggofanbase.com(/)?.$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?p208.ezboard.com(/)?.
$ [NC]
RewriteRule .*.(gif|jpg|bmp|png|mp3|mpg|avi|mov)$ http://viggofanbase.com/hotlink/viggofanbase.jpe [R,NC]
Options -Indexes

Is there a way to block the Norton users from viewing the hotlinked images unless of course they are looking directly at the site?


#2

Not easily since HTTP is stateless.

Conceivably you could set a cookie and have the site check for the existence of the cookie.

One can also monitor the requests and attempt to determine if a request is the result of a “session” (eg, visitor going to home page, then gallery page, then picture page)

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7


#3

I wasn’t aware of this issue with Norton, and I’m assuming other security software until I set this up the other week. It makes me wonder if the .htaccess hotlinking will be rendered useless when more people are using security / privacy software.


#4

I have known about Norton blocking the referer header for quite awhile. The only reason I have known this is I have a icon on my web site for w3c validator. The validator will not work through the link unless Norton is disabled.
Silk

My website


#5

Try deleting this line:

RewriteCond %{HTTP_REFERER} !^$

I think Norton security makes the referrer info blank, which that line allows for.


Thu


#6

That seems to have done the trick with those that could see the original pic before. Thank you!