Forums

WordPress › Support » Multisite

[resolved] blogs.dir image URL inaccessible to OTHER Domains (only blog can access it) (13 posts)

  1. volleyballmaniac
    Member
    Posted 11 months ago #

    Hi Ladies & Gents,

    I always follow responses till the end, so you're not wasting time helping me (unlike other ungrateful question-askers who just disappear).

    The crux of the issue is that WP seems to be blocking access to an image, unless I use the Blog URL that uploaded the image.

    Perhaps a security thing?

    A REAL-WORLD EXAMPLE:

    Link Using Blog URL that uploaded image: (Works)
    http://pbsguam.cmsadminpanel.com/wp-content/blogs.dir/74/files/2011/06/2011-06-19-4-39-19Mes-Diaz-175x175.jpg

    Link from Parent Network of the Subdomain above: (No Workie)
    http://cmsadminpanel.com/wp-content/blogs.dir/74/files/2011/06/2011-06-19-4-39-19Mes-Diaz-175x175.jpg
    - all I did was remove subdomain from URL

    I ran into this issue while trying to setup Amazon Cloudfront Custom Origin:

    Cloudfront Custom Origin Link: (No Workie)
    d2ay33tzsh7115.cloudfront.net/wp-content/blogs.dir/74/files/2011/06/2011-06-19-4-39-19Mes-Diaz-175x175.jpg

    If anyone answers this question, I'll take you out for free beers if you're ever in Las Vegas.

    UPDATE:
    - I do not have any anti-Hotlinker entries in htaccess

  2. volleyballmaniac
    Member
    Posted 11 months ago #

    TROUBLESHOOTING UPDATE

    Still not working.

    I've tried the following using my CloudFront URL:

    I traced the image down the folder path to find out where it breaks (it appears to be breaking at /files/ folder).

    Note that working examples below may break soon, as I might remove that test img, but please be assured that they did work when I tested.

    Works
    http://d2ay33tzsh7115.cloudfront.net/wp-content/blogs.dir/body_bg.jpg

    Works
    http://d2ay33tzsh7115.cloudfront.net/wp-content/blogs.dir/9/body_bg.jpg

    Broken
    http://d2ay33tzsh7115.cloudfront.net/wp-content/blogs.dir/9/files/body_bg.jpg

    So since it is breaking at the /files/ folder, it might have something to do with these files:
    - wp-admin\includes\ms.php
    - wp-includes\includes\ms-default-constants.php

    ----------------------------------------------------------------

    Additionally, I've also tried CHMOD the permissions of the files/ folder (and all subfoders & files) to 777, but that had no effect.

  3. Andrea_r
    team pirate
    Posted 11 months ago #

    I've seen stuff screw up when people have an actual folder somewhere in the install called /files/. Can you check for one?

  4. volleyballmaniac
    Member
    Posted 11 months ago #

    Yay, Andrea Rennick responded to my posting!

    Sorry, I get all weird around Web Celebrities ;-)

    As you instructed, I did a desktop search (of a downloaded copy of my install folder), for every instance of "files".

    The only results returned were those in the blogs.dir\BLOG_ID\files.

    I also did a manual inspection, and could not find any other folders named "files".

    -----------------------------------------------------------

    Just a hunch, but could this "block unless uploading Blog is in Base URL" actually be a feature that was put in to block Hotlinking?

    It actually makes a lot of sense (until you try to use Cloudfront Origin Pull).

  5. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 11 months ago #

    block unless uploading Blog is in Base URL"

    That SOUNDS like 'Don't let jiggertyfoobar.com get images from foobartyjigger.com' which is what I use myself. Can you turn it off to test?

  6. volleyballmaniac
    Member
    Posted 11 months ago #

    Hi Ipstenu,

    Nice to bump into another WebCeleb (2 in one day, gee I feel special).

    Can you turn it off to test?

    Are you referring to Cloudfront? (my install is not currently linked)

    If not, please let me know what I should turn off.

    Just a note, that I don't currently have any anti-hotlinking code in htaccess. (never worked on my install anyway).

    If you'd like I can PM you a copy of my htaccess to see if it's something in there causing it. I've tried manually removing each item in there piece-by-piece, but still no JOY.

  7. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 11 months ago #

    Not cloudfront, the hotlinking aspect of it... Whatever it is.

    (I've only ever used .htaccess since ... er ... 2002? http://perishablepress.com/press/2007/11/21/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ )

    That said, I highly doubt it's the .htaccess.

    And I totally know what you mean about WP 'celebs' showing up ;) I still grin when they talk to me! (Hey! Andrea! We're celebrities!)

  8. volleyballmaniac
    Member
    Posted 11 months ago #

    SUCCESS!!

    Okay, this is embarrassing............Remember this:

    I've tried manually removing each item in there piece-by-piece, but still no JOY.

    Well the reason that didn't work is because I actually had the offending item in htacess in 2 different places.

    Here it is:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

    Using my not-so-powerful memory as a reference (also the notes in htaccess), I recall that this was a "security" entry that was suggested in the WP README.txt when I first installed MU many moons ago.

    (could be wrong though).

    -------------------------------------------------

    Besides the fact that my files can now be hotlinked......
    Anyone have an idea of the repercussions of removing this line from htaccess?

    ------------------------------------------------

    BTW, Andrea & Ipstenu my offer still stands: if either of you are ever in Vegas, PM me, and beers are on me. (sorry doesn't include slots money, haha).

  9. volleyballmaniac
    Member
    Posted 11 months ago #

    Followup:

    It would appear that:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

    .......is a necessary entry to have in htaccess if you want the Blog to access it's uploaded image (using its URI).

    Without it, Deprecated URL-path breaks on regular blog, http://site.com/files/2010........

    However, Regular URL-path still works though, http://site.com/wp-content/blogs.dir/23/files/2010........

    So my choices:
    1. Delete entry, and use Cloudfront to serve Static content

    2. Leave htaccess entry, and not have Cloudfront

    I'm going with Choice #1, however I realize that this is not a wholly proper solution to the issue.

  10. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 11 months ago #

    Hrm. What's your FULL .htaccess? You can post it here or on pastebin if it's really big.

  11. Andrea_r
    team pirate
    Posted 11 months ago #

    And I totally know what you mean about WP 'celebs' showing up ;) I still grin when they talk to me! (Hey! Andrea! We're celebrities!)

    Waht? Us? No way, I'm someone's Mother for cryin' out loud... ;D

  12. Curtiss Grymala
    Member
    Posted 11 months ago #

    @Andrea - So is Blythe Danner; that doesn't make her any less of a celeb. :)

    @volleyballmaniac - Try putting this line in your .htaccess file, directly under the first rule (which should be something like RewriteRule ^index\.php%):

    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    Notice that that rule differs slightly from the rule you originally had in your .htaccess file. Also, I am fairly certain that the order of the rules is important.

    If that still fails, try recreating your .htaccess file from scratch. Create a blank file with the following text (don't upload it to your server yet):

    # BEGIN WordPress
# END WordPress

    Then, go to Network Admin -> Settings -> Network Setup (if you don't see that option, try adding define('WP_ALLOW_MULTISITE',true); back into your wp-config.php file) and copy the .htaccess stuff from that page into the blank file you created (in between the 2 lines I told you to put in in the first place).

  13. volleyballmaniac
    Member
    Posted 11 months ago #

    @Curtiss
    Yes! Whatever magic you did there seemed to work. I can now access using the deprecated file path (site.com/files/....), and also access with other URI's (like Cloudfront).

    I call it 'magic' because I can't explain it, but it works.

    Add yourself to the "owed beers when in Vegas" List (see my first post).

    @Andrea
    Just a heads up that the paparazzi often don Polar Bear costumes up north. So that innocent-looking bear pooping in your backyard, might actually be a photog from TechCrunch.

    @Ipstenu
    Yeah, I was actually going to do it, until Curtiss' post. Thanks for your help though young lady (yes, I read your About page).

    Sidenote: Accidental Discovery of Anti-Hotlinking Technique
    So for anyone not wanting to use CDN Origin Pull, it would appear that the code I had in my htaccess, was an awesome, amazingly-easy way to block Hotlinking:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
    *I still have no idea where I got it from

    It won't work for my needs, however, because I am using CDN Origin Pull.

    TLDR Summary (if you found this thread having CDN issues)
    - This code below (in htaccess) seems to block all URI's except the Blog that uploaded the file:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L

    - Curtiss Grymala supplied an alternative to it, which seems to allow other URI's to access your the Uploaded Files of a blog:
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    - Utilize Curtiss' code if you are trying to get a CDN Origin Pull working.

Reply

You must log in to post.

About this Topic

Tags