Hotlink protection and empty referers

[bogus]

As a general trend, we see more and more hits which http headers contain no or an empty REFERER (up to 50%). Obviously, some browsers or third party software (anti spyware ? anti ads ?) are blocking them, even when navigating within the same site.

How does your hotlink protection cope with these : allow or forbid ?

 

[mistwang]

That's true, norton and mcafee personal firewall remove REFERER header, and you have to allow direct access in hotlink protection in order not to block users using those kind of software, on the other hand, it will defeat the purpose of hotlink protection to some extent.

There is no good solution for REFERER based hotlink checking algorithm I could think of. A possible but not perfect solution is to check whether a HTML page has been requested from that IP address in the past few seconds (assuming images and HTML pages are on the same server).

If you have any good suggestion please let us know.

Best regards,
George