You certainly heard of Google Web Accelerator and why it can cause problems with some web-applications due to its prefetching. I won't go into any details here, it's well covered on other sites. But there's an easy solution to prevent prefetching on your site with the help of mod_rewrite. The following lines will just send a "401 Access
Denied"
when the "x-moz: prefetch" header is present in the request (and hits an admin area link):

RewriteCond %{HTTP:x-moz} ^prefetch
RewriteRule ^/*admin/.* - [F,L]

Even though we send now an "Access Denied" to the proxy, it will try to fetch the page again, when the user actually clicks on the link. I'm not sure, if this is how it's supposed to be, but Google says it's their recommended way.

I added this to the standard .htaccess file of BxCMS, even 'though I can't think of a scenario, where we do content-changing stuff with just a simple GET request (except the logout...). But better play safe than sorry ;)

(Hint found on Planet OSCOM from the SyntaxCMS Blog)

Update: [F] means "403 Forbidden" not "401 Access Denied". Still not sure, if it's the correct way... Thanks Nico for providing more info on that. I will follow the discussion..

Nico Edtinger @ 12.05.2005 13:28 CEST
IMHO 401 is not the right response code. It means the client may only repeat the request with authorization. Better alternatives are 412 Precondition Failed or maybe 409 Conflict. For HTTP 1.0 400 seems the best, as it allows to repeat the request with modifications.

b4n

Martin Jansen @ 12.05.2005 21:26 CEST
I wrote a simple Apache 1.3.x module that does the same but without the overhead that is imposed by launching mod_rewrite:

http://www.divbyzero.net/code/mod_no_prefetch/

chregu @ 12.05.2005 23:45 CEST
Martin: I use mod_rewrite anyway, so there's no penalty for me. But nice idea and thanks for the link.

The Ghost of PT Barnum @ 24.09.2006 08:17 CEST
Giggling Madly Here - PT Barnum Would Have So Been Proud!

This is a great program for those users who don't know anything at all regarding how computers and/or the internet actually works, and who just want to experience the "feel good illusion" of (not really) increased speed by having this entirely useless acceleration program on their hard drive.

I always laugh out loud whenever anyone proudly exclaims: "The program 'says' I saved 6.9 hours, so I'm very satisfied!" Big deal; the program could also say: "You're now twice as good-looking" or perhaps even "Congratulations you’re a millionaire!" Without being able to verify any programs' "claims" (or better put 'assertions'); it is just that: A totally unverifiable assertion!

Still you've got to admire Google's chutzpa here! I'm guessing that it has to be the most hilarious bit of shell-game spyware ever invented by any company in the entire history of computer or Internet use and development.

Very clever really, when you consider that the trade off is that users "think" they're getting "increased" internet speed; in exchange for revealing exact the name of every single webpage that you ever visit from the moment that you install Google Web Accelerator until (hopefully) the moment you wise up and remove it.

After Google Web Accelerator is installed it does absolutely nothing to improve browsing. Also Google Web Accelerator collects copies of web pages, (including prefetched pages that you did not even visit), in the Google Web Accelerator cache on your computer.

All this does in effect; is collect and store a gazillion MB of temp files every time you use it for a session of surfing. Try using something like CCleaner after running Google Web Accelerator and browsing the internet for a few hours and see the results for yourself!

And Google gets to know the exact the name of every single webpage that you ever visit for products, news, banking, whatever! This is very valuable information to have; not only does Google know everything you click on, but you get absolutely nothing in return for this info.

Finally, Google admits on their own support page that any and all passwords, e-mail addresses etc. you enter in a web form (e. g. when purchasing an item online) will be funneled via their systems. If you enter personally identifiable information (such as an email address) onto a form on an unencrypted web page, the sites will send this information through Google.

Had he lived long enough to see this, P.T. Barnum; the person who coined the phrase: "A Sucker is Born Every Minute" would most certainly consider those who download, install and leave this program on their computers to be suckers indeed!