Support » Plugin: All In One WP Security & Firewall » Possible htaccess problem?

  • I was having problems with images not loading on the domain.com version of my site (www.domain.com loads fine). So I notified my support and they returned with this:

    In your app’s .htaccess file I see this code:

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.xxxxxx\.com [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]

    It looks like this was created by the All in One WP Security plugin, and it is blocking image requests.

    I think the problem is with the HTTP Referrer line. This regex looks like it is not correct: !^http(s)?://(.*)?\.xxxxx\.com

    It looks like it is matching “.xxxxx.com”. The period in front may be messing up the match.

    I’d recommend either modifying the code to match correctly, or removing it from the .htaccess file altogether.

    • This topic was modified 2 years, 11 months ago by gavinswordpress3. Reason: typo
    • This topic was modified 2 years, 11 months ago by gavinswordpress3. Reason: removed formatting
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, can you share which feature in the plugin you enabled that produced the above entry in the .htaccess file?

    Thank you

    Plugin Contributor Česlav Przywara

    (@chesio)

    @mbrsolution – these rules are added to .htaccess when image hotlinking feature is activated.

    @gavinswordpress3 – I’ll submit a patch for the function that creates the domain regex. Thanks for reporting this!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @chesio, thank you 🙂

    Is the solution to that problem as simple as changing

    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.mydomain\.tld [NC]
    to
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\mydomain\.tld [NC]

    ???

    Plugin Contributor Česlav Przywara

    (@chesio)

    Yes and no. Yes, because it will solve the reported problem. No, because it’s still not 100% correct. You want something like this:

    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.tld [NC]
    
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Possible htaccess problem?’ is closed to new replies.