EE 1.5Rc and Norton Security Settings - Pekka


stevehof
26th of January 2005 (Wed), 07:54
I have had two recent comments that my photos are x'd out. Here's the most interesting one:

"None of your photos or other images are showing in my IE6 browser. I have found out that if I turn off the Browser Privacy setting in Privacy Control in Norton Internet Security then the photos display fine, but I don't want to do that as according to the help this setting does the following:

Enable Browser Privacy: Prevents a Web site from retrieving your email address or the address of the last Web site visited."

I know EE is NOT placing cookies or collecting email addresses but Norton seems to think so. Is anybody else experiencing these types of comments? BTW, my htaccess file has the following code to prevent other web sites from linking directly to images on my server. Can anybody see anything in here that might cause this problem - Thanks - Steve

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://sphoto.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://sphoto.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sphoto.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.sphoto.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://66.192.180.232/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://66.192.180.232$ [NC]
RewriteCond %{REMOTE_ADDR} !^66\.192\.180\.232$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

wkitty42
27th of January 2005 (Thu), 00:41
"I know EE is NOT placing cookies or collecting email addresses but Norton seems to think so."

actually, it is possible that EE is causing cookies to be set... to clarify, PHP session ids can be passed via the URL or can be set and read by cookies... i've not (in a while) dug that far into EE's code but it is possible that this is what is happening if pekka is using sessions for anything...

Pekka
30th of January 2005 (Sun), 15:35
EE does not use ANY cookies, or PHP session id's. I would try the site once without the RewriteEngine stuff to see if that makes a difference.

wkitty42
31st of January 2005 (Mon), 21:14
"EE does not use ANY cookies, or PHP session id's. I would try the site once without the RewriteEngine stuff to see if that makes a difference."

thanks, pekka... i just hadn't dug into the code to look if there was any session init stuffs...

in rereading stevehof's original message, i reread this...
"Enable Browser Privacy: Prevents a Web site from retrieving your email address or the address of the last Web site visited."

namely the "last Web site visited" portion... that indicates that his norton is blocking the referrer information... nothing to do with cookies...

pekka is the only one who can tell if EE uses referrer info...

stevehof is the only one who can tell if his server config requires certain referrer info to be present... according to the rewrite rules, stevehof's system does look at the referrer info... i don't run norton stuff and haven't in many years since their original DOS based virus scanner went belly up with bloat much like many other old time apps have done... however, i believe that it is one (if not /the/) tool that alters the referrer field to contain "xxxx://++++++++++++++++++++++++++++" type mess... i don't know how many +'s are put in or if there are the same amount every time...

i don't have access to my server, ATM, or i'd post my rewrite rules that block referrers like that... stevehof could then use that rule to redirect folk to another page explaining what is happening and request them to turn off such filtering so that his site works as designed...

stevehof, hopefully this will help to point you in the right direction to fix the problem you are seeing...

Alexis427
1st of February 2005 (Tue), 01:29
I know this problem with norton security, it blocks referer info, that's why the rewrite engine won't work, nothing to do with EE imho.

Alex
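
Added example, not part of the thread: a small Python model of how mod_rewrite evaluates the rules stevehof posted, showing which Referer values end in a 403 for an image request. The sample referers, the image path and the client address are constructed; the masked value follows wkitty42's description with a guessed length, and the extra `^$` pattern is an assumption that stands for adding `RewriteCond %{HTTP_REFERER} !^$` to the chain.

```python
import re

# RewriteCond patterns from stevehof's .htaccess, copied as posted.
# Each is negated ("!") and [NC]; consecutive RewriteConds are ANDed.
REFERER_PATTERNS = [
    r"^http://sphoto.com/.*$",
    r"^http://sphoto.com$",
    r"^http://www.sphoto.com/.*$",
    r"^http://www.sphoto.com$",
    r"^http://66.192.180.232/.*$",
    r"^http://66.192.180.232$",
]
REMOTE_ADDR_PATTERN = r"^66\.192\.180\.232$"
IMAGE_RULE = r".*\.(jpg|jpeg|gif|png|bmp)$"


def is_forbidden(path, referer, remote_addr, extra_allowed=()):
    """True when the rules answer 403 ([F]); referer is "" if no header was sent."""
    if not re.search(IMAGE_RULE, path, re.I):
        return False  # RewriteRule pattern does not match: rule not applied
    for pat in list(REFERER_PATTERNS) + list(extra_allowed):
        if re.search(pat, referer, re.I):
            return False  # a negated condition failed, so the rule is skipped
    if re.search(REMOTE_ADDR_PATTERN, remote_addr, re.I):
        return False  # request comes from the server's own address
    return True


# Constructed sample Referer values, one per case discussed in the thread.
SAMPLES = {
    "own page": "http://www.sphoto.com/gallery/index.php",
    "other site": "http://example.org/forum/thread.html",
    "no Referer sent": "",
    "masked Referer": "xxxx://++++++++++++",  # shape per wkitty42; length guessed
}


def evaluate(extra_allowed=()):
    """Map each sample name to True (403) or False (image served)."""
    return {name: is_forbidden("photos/img_001.jpg", ref, "203.0.113.7", extra_allowed)
            for name, ref in SAMPLES.items()}


if __name__ == "__main__":
    print("rules as posted:      ", evaluate())
    # Hypothetical extra condition: RewriteCond %{HTTP_REFERER} !^$
    print("empty Referer allowed:", evaluate(extra_allowed=[r"^$"]))
```

With the rules as posted, a request whose Referer has been stripped or masked is treated exactly like a hotlink from another site; tolerating an empty Referer covers the stripped case only, while a masked value still needs its own condition.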