[resolved] blogs.dir image URL inaccessible to OTHER Domains (only blog can access it) (13 posts)

  1. volleyballmaniac
    Posted 5 years ago #

    Hi Ladies & Gents,

    I always follow responses till the end, so you're not wasting time helping me (unlike other ungrateful question-askers who just disappear).

    The crux of the issue is that WP seems to be blocking access to an image, unless I use the Blog URL that uploaded the image.

    Perhaps a security thing?


    Link Using Blog URL that uploaded image: (Works)

    Link from Parent Network of the Subdomain above: (No Workie)
    - all I did was remove subdomain from URL

    I ran into this issue while trying to setup Amazon Cloudfront Custom Origin:

    Cloudfront Custom Origin Link: (No Workie)

    If anyone answers this question, I'll take you out for free beers if you're ever in Las Vegas.

    - I do not have any anti-Hotlinker entries in htaccess

  2. volleyballmaniac
    Posted 5 years ago #


    Still not working.

    I've tried the following using my CloudFront URL:

    I traced the image down the folder path to find out where it breaks (it appears to be breaking at /files/ folder).

    Note that working examples below may break soon, as I might remove that test img, but please be assured that they did work when I tested.




    So since it is breaking at the /files/ folder, it might have something to do with these files:
    - wp-admin\includes\ms.php
    - wp-includes\includes\ms-default-constants.php


    Additionally, I've also tried CHMOD the permissions of the files/ folder (and all subfoders & files) to 777, but that had no effect.

  3. I've seen stuff screw up when people have an actual folder somewhere in the install called /files/. Can you check for one?

  4. volleyballmaniac
    Posted 5 years ago #

    Yay, Andrea Rennick responded to my posting!

    Sorry, I get all weird around Web Celebrities ;-)

    As you instructed, I did a desktop search (of a downloaded copy of my install folder), for every instance of "files".

    The only results returned were those in the blogs.dir\BLOG_ID\files.

    I also did a manual inspection, and could not find any other folders named "files".


    Just a hunch, but could this "block unless uploading Blog is in Base URL" actually be a feature that was put in to block Hotlinking?

    It actually makes a lot of sense (until you try to use Cloudfront Origin Pull).

  5. block unless uploading Blog is in Base URL"

    That SOUNDS like 'Don't let jiggertyfoobar.com get images from foobartyjigger.com' which is what I use myself. Can you turn it off to test?

  6. volleyballmaniac
    Posted 5 years ago #

    Hi Ipstenu,

    Nice to bump into another WebCeleb (2 in one day, gee I feel special).

    Can you turn it off to test?

    Are you referring to Cloudfront? (my install is not currently linked)

    If not, please let me know what I should turn off.

    Just a note, that I don't currently have any anti-hotlinking code in htaccess. (never worked on my install anyway).

    If you'd like I can PM you a copy of my htaccess to see if it's something in there causing it. I've tried manually removing each item in there piece-by-piece, but still no JOY.

  7. Not cloudfront, the hotlinking aspect of it... Whatever it is.

    (I've only ever used .htaccess since ... er ... 2002? http://perishablepress.com/press/2007/11/21/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ )

    That said, I highly doubt it's the .htaccess.

    And I totally know what you mean about WP 'celebs' showing up ;) I still grin when they talk to me! (Hey! Andrea! We're celebrities!)

  8. volleyballmaniac
    Posted 5 years ago #


    Okay, this is embarrassing............Remember this:

    I've tried manually removing each item in there piece-by-piece, but still no JOY.

    Well the reason that didn't work is because I actually had the offending item in htacess in 2 different places.

    Here it is:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

    Using my not-so-powerful memory as a reference (also the notes in htaccess), I recall that this was a "security" entry that was suggested in the WP README.txt when I first installed MU many moons ago.

    (could be wrong though).


    Besides the fact that my files can now be hotlinked......
    Anyone have an idea of the repercussions of removing this line from htaccess?


    BTW, Andrea & Ipstenu my offer still stands: if either of you are ever in Vegas, PM me, and beers are on me. (sorry doesn't include slots money, haha).

  9. volleyballmaniac
    Posted 5 years ago #


    It would appear that:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

    .......is a necessary entry to have in htaccess if you want the Blog to access it's uploaded image (using its URI).

    Without it, Deprecated URL-path breaks on regular blog, http://site.com/files/2010........

    However, Regular URL-path still works though, http://site.com/wp-content/blogs.dir/23/files/2010........

    So my choices:
    1. Delete entry, and use Cloudfront to serve Static content

    2. Leave htaccess entry, and not have Cloudfront

    I'm going with Choice #1, however I realize that this is not a wholly proper solution to the issue.

  10. Hrm. What's your FULL .htaccess? You can post it here or on pastebin if it's really big.

  11. And I totally know what you mean about WP 'celebs' showing up ;) I still grin when they talk to me! (Hey! Andrea! We're celebrities!)

    Waht? Us? No way, I'm someone's Mother for cryin' out loud... ;D

  12. Curtiss Grymala
    Posted 5 years ago #

    @Andrea - So is Blythe Danner; that doesn't make her any less of a celeb. :)

    @volleyballmaniac - Try putting this line in your .htaccess file, directly under the first rule (which should be something like RewriteRule ^index\.php%):

    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    Notice that that rule differs slightly from the rule you originally had in your .htaccess file. Also, I am fairly certain that the order of the rules is important.

    If that still fails, try recreating your .htaccess file from scratch. Create a blank file with the following text (don't upload it to your server yet):

    # BEGIN WordPress
    # END WordPress

    Then, go to Network Admin -> Settings -> Network Setup (if you don't see that option, try adding define('WP_ALLOW_MULTISITE',true); back into your wp-config.php file) and copy the .htaccess stuff from that page into the blank file you created (in between the 2 lines I told you to put in in the first place).

  13. volleyballmaniac
    Posted 5 years ago #

    Yes! Whatever magic you did there seemed to work. I can now access using the deprecated file path (site.com/files/....), and also access with other URI's (like Cloudfront).

    I call it 'magic' because I can't explain it, but it works.

    Add yourself to the "owed beers when in Vegas" List (see my first post).

    Just a heads up that the paparazzi often don Polar Bear costumes up north. So that innocent-looking bear pooping in your backyard, might actually be a photog from TechCrunch.

    Yeah, I was actually going to do it, until Curtiss' post. Thanks for your help though young lady (yes, I read your About page).

    Sidenote: Accidental Discovery of Anti-Hotlinking Technique
    So for anyone not wanting to use CDN Origin Pull, it would appear that the code I had in my htaccess, was an awesome, amazingly-easy way to block Hotlinking:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
    *I still have no idea where I got it from

    It won't work for my needs, however, because I am using CDN Origin Pull.

    TLDR Summary (if you found this thread having CDN issues)
    - This code below (in htaccess) seems to block all URI's except the Blog that uploaded the file:
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L

    - Curtiss Grymala supplied an alternative to it, which seems to allow other URI's to access your the Uploaded Files of a blog:
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    - Utilize Curtiss' code if you are trying to get a CDN Origin Pull working.

Topic Closed

This topic has been closed to new replies.

About this Topic