0

I have a strange problem with Apache and/or PHP that is driving me nuts. Before I explain the problem here is everything I know about the environment.

The Environment

OS: Ubuntu SMP x84_64
Apache Version: 2.x
PHP Version: 4.4.9-nmm4

It is a shared hosting plan so I don't have access to a shell.

The Problem

Apache/PHP does not display any pictures if they are referenced by the website itself (<img src="..." />). All image request return 403 "Forbidden". But if you copy the path of the requested image and browse there directly the image is displayed. No problems at all.

So I can conclude that the image is accessible for Apache. I do use a .htaccess file:

# BEGIN s9y
DirectoryIndex /index.php

<Files *.tpl.php>
  deny from all
</Files>

<Files *.tpl>
  deny from all
</Files>

<Files *.sql>
  deny from all
</Files>

<Files *.inc.php>
  deny from all
</Files>

<Files *.db>
  deny from all
</Files>

# END s9y

AddHandler php4-cgi .php

As you can see nothing regarding images. No rewrite rules or anything like that.

What I have tried so far

So far I googled a lot and found some hints suggesting that setting the directives EnableSendfile and EnableMMAP to Off could help. I tried that but nothing happened. My guess is that I would have to restart Apache for them to take effect. But as I said earlier this is a shared hosting plan. I can't restart Apache.

I hope someone can help me :)

Solution

The solution to my problem is very easy. As both answers suggest the problem lies with hot link protection. Weird enough, the protection is made in a another project in the same account for another domain. I removed the hot link protection from the .htaccess file and now it works again.

Special thanks to Igor. He and I worked out the problem in irc. That's the reason why I marked his answer to be the correct answer to my question.

Jens
  • 113
  • 2
  • 7

2 Answers2

3

The description of your error makes me think you have incorrectly configured referrer matching. It's not uncommon to add referrer matching in an attempt to prevent hotlinking to reduce your bandwidth costs. Empty referrers are usually allowed and, of course, your site should be allowed. All others are usually denied.

It seems like the regex that should match your site isn't matching your site. When you make the same request with no referrer, it works.

Seeing as you're on shared hosting and have no shell access, you will probably have to ask your provider about this. Ask them if they have any hotlink protection and if they do, ask them to check that it's working properly.

If you want to rule out the possibility that your .htaccess file is the problem, try removing it or commenting out parts of it and see if your images work. If they still don't then the .htaccess file is not the problem.

Ladadadada
  • 25,847
  • 7
  • 57
  • 90
2

To repeat my question from IRC: What, exactly, does the error log say?

Well, duh. -- With no error-log provided, I used my magical powers to debug this issue (Opera's Dragonfly). I noticed that, lo-and-behold, it was indeed perfectly consistent.

Each image would 403, unless called directly.

I tried to repro on the commandline, and managed to with this:

igalic@resix:~$ curl -H"Referer: http://www.example.org/" -i http://www.example.org/foobar.jpg
HTTP/1.1 403 Forbidden

From this I concluded that there was some Hot-Link protection which obviously used the wrong URL as Referer.

Igor Galić
  • 79
  • 7