|First posted Nov 6, 2006|
Last update Feb 8, 2010
ProblemIf you are not seeing any pictures at all on my site, except maybe the webcams, the reason is simple, but the explanation is complicated.
ReasonYour firewall is replacing the html header referring page field with an advertisement for itself.
Another important component in the html header is the refering page field which contains the address of the page you were viewing which requested this file. If you clicked a link which sent you here, that page's address is included. For an image, the referring page would be the page the image is shown on.
This is what your computer is reporting as your referring page, which would be the page you just came from.
The referring page data is very useful in analyzing the traffic to my website. For example if you clicked a link which pointed to a missing page (Error 404, file not found) I can find the referring page with the defective link and fix it.
Bandwidth or more accurately, data transfer
While bandwidth theft is not illegal, it is generally considered unethical. Imagine hundreds of people using your cell phone without your permission. I recently helped a friend revamp his site. After analyzing his log files, we realized his bandwidth theft was 70 times the data transfer his actual site was consuming, and that was from only 2 pictures being embedded on numerous MySpace blogs. Luckily his site was very small and the total data transfer was still below his allotment. There are over 1.1 gigs of files on CowboyFrank.net, and my in-house data transfer takes 85% of my monthly allotment. I can't afford any bandwidth theft.
SolutionsAt one time I had passwords on my picture files, but that required my visitors to enter a username and password before they could see my galleries. In addition, due to some technical issues, I was unable to protect pictures on the main index or thumbnail pages with that system. I had a lot of bandwidth theft from those areas I couldn't password protect, and I spent allot of time moving files around trying to stay ahead of the bandwidth thieves.
Around the middle of 2006, I discovered a way to use the referring page header information to control access. My server analyzes the referring page field, if the field indicates the page containing the image is located on CowboyFrank.net, or the field data is missing, then the image is sent to the visitor. If the referring page field contains anything else, the image is refused. This puts an additional workload on my server, but has completely eliminated all my bandwidth theft.
If you have a blog on MySpace.com and you try to embed a photo from my server in your "space", the header lists the referring page as being on "MySpace.com" rather then "CowboyFrank.net", so my server refuses to deliver the image.
Your problemIf you are unable to see my pictures, your firewall is not just blocking the referring page header field, it is actually relacing it, usually with an advertisement for itself. I frequently see lines in my logs such as "field blocked by *#%@ firewall". This doesn't match "CowboyFrank.net" so my server refuses the request for the image. If your firewall was just blocking the field, leaving it blank, my server would have sent you the image and you wouldn't be reading this.
What can you do?Tell your firewall not to block that portion of the html header, or better yet, get another firewall which isn't trying to promote itself to all the websites you visit. (I might call that reverse popup advertising) The firewall contained in Windows XP SP2 is decent and is part of your operating system. Most of the commercially available firewalls are also good. It is just a few that think they need to stick their name in web server logs which are only seen by an extremely small number of people.
I am told by a visitor that in Zone Alarm the option to show headers is right next to persistent cookies and web bugs.