rsilverhawk Posted January 11, 2017 Share Posted January 11, 2017 Hi, I am having a problem that all my php files produce either a 500 error or a 404 page. This is happening on both the oscommerce and wp blog. The htaccess for the main domain is and I have the permission at 644 (I have also tried 755 and 777) RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://mistymountainfurniture.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mistymountainfurniture.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://mistymountainfurniture.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://mistymountainfurniture.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.mistymountainfurniture.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.mistymountainfurniture.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] The htaccess in the oscommerce folder is I have the permission at 644 (I have also tried 755 and 777) # $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $ # # This is used with Apache WebServers # # For this to work, you must include the parameter 'Options' to # the AllowOverride configuration # # Example: # # <Directory "/usr/local/apache/htdocs"> # AllowOverride Options # </Directory> # # 'All' with also work. (This configuration is in the # apache/conf/httpd.conf file) # The following makes adjustments to the SSL protocol for Internet # Explorer browsers #<IfModule mod_setenvif.c> # <IfDefine SSL> # SetEnvIf User-Agent ".*MSIE.*" \ # nokeepalive ssl-unclean-shutdown \ # downgrade-1.0 force-response-1.0 # </IfDefine> #</IfModule> # If Search Engine Friendly URLs do not work, try enabling the # following Apache configuration parameter # AcceptPathInfo On # Fix certain PHP values # (commented out by default to prevent errors occuring on certain # servers) # php_value session.use_trans_sid 0 # php_value register_globals 1 Can anyone see what is going wrong here. Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 11, 2017 Share Posted January 11, 2017 If what you show is the full contents of both, then rename both of the files to something else and test the site. If it still fails, the problem is elsewhere. If it works, rename the one in the shop back to .htaccess. It is basically empty and is not needed but it needs to be eliminated as a possible problem. If it still works, then the problem is in your hotlinking code. Change it to the following to see if it works. Note that hotlinking doesn't work in some situations. If it still fails, you should contact your host to make sure you can use it. RewriteCond %{HTTP_REFERER} !^http://mistymountainfurniture.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://mistymountainfurniture.com$ [NC,OR] RewriteCond %{HTTP_REFERER} !^http://www.mistymoun...rniture.com/.*$ [NC,OR] RewriteCond %{HTTP_REFERER} !^http://www.mistymountainfurniture.com$ [NC,OR] RewriteCond %{HTTP_REFERER} !^https://mistymountainfurniture.com/.*$ [NC,OR] RewriteCond %{HTTP_REFERER} !^https://mistymountainfurniture.com$ [NC,OR] RewriteCond %{HTTP_REFERER} !^https://www.mistymou...rniture.com/.*$ [NC,OR] RewriteCond %{HTTP_REFERER} !^https://www.mistymountainfurniture.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 11, 2017 Share Posted January 11, 2017 @@rsilverhawk These help prevent hotlinking as well: <IfModule mod_images.c><FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">Order allow,denyDeny from all</FilesMatch></IfModule><IfModule mod_files.c><FilesMatch "(^$|^favicon.ico$|.*.(jpg|jpeg|gif|png)$)">Order allow,denyDeny from all</FilesMatch></IfModule> Take care Bill Link to comment Share on other sites More sharing options...
MrPhil Posted January 11, 2017 Share Posted January 11, 2017 You don't want to use OR for the whitelist's list... use the default AND. It's checking if it's NOT this site AND it's NOT that site then go ahead and kill certain file requests. OR will always trigger the rewrite rule. You should be able to reduce your whitelist to one line per allowed site: RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mistymountainfurniture\.com(/)?.*$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 12, 2017 Share Posted January 12, 2017 You don't want to use OR for the whitelist's list... use the default AND. It's checking if it's NOT this site AND it's NOT that site then go ahead and kill certain file requests. OR will always trigger the rewrite rule. You should be able to reduce your whitelist to one line per allowed site: RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mistymountainfurniture\.com(/)?.*$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] That's correct. Thanks for the correction. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 12, 2017 Share Posted January 12, 2017 @@rsilverhawk I was looking at your site and I when I clicked around a few times I got this error from a couple of different links:FATAL ERROR: register_globals is disabled in php.ini, please enable it!It was at these links and there's more than these:http://mistymountainfurniture.com/catalog/index.php?cPath=132http://mistymountainfurniture.com/catalog/index.php?cPath=1_25http://mistymountainfurniture.com/catalog/index.php?cPath=60You're getting some bad responses from Pingdom:Response code Responses200 OK 60204 No Content 1301 Moved Permanently 1404 Not Found 2ERROR Connection error 6And redirects issues from Google PageSpeed:Consider Fixing:Avoid landing page redirectsYour page has 2 redirects. Redirects introduce additional delays before the page can be loaded.Avoid landing page redirects for the following chain of redirected URLs.http://mistymountainfurniture.com/http://mistymountainfurniture.com/mistymobilehttp://mistymountainfurniture.com/mistymobile/ Take care Bill Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 12, 2017 Share Posted January 12, 2017 @@MrPhil @@Jack_mcs You don't want to use OR for the whitelist's list... use the default AND. It's checking if it's NOT this site AND it's NOT that site then go ahead and kill certain file requests. OR will always trigger the rewrite rule. You should be able to reduce your whitelist to one line per allowed site: RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mistymountainfurniture\.com(/)?.*$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] Shouldn't it end with [F,NC,L] instead of [F,NC] like the example below? RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mistymountainfurniture\.com(/)?.*$ [NC]RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC,L] Bill Link to comment Share on other sites More sharing options...
MrPhil Posted January 12, 2017 Share Posted January 12, 2017 I don't think there's any need to use the [L] flag. The [F] flag will cause an immediate death-by-403, so it's redundant to use [L] to tell Apache to stop processing this pass (and go back to the start if the URL has changed). I don't think it will hurt to use the [L] flag. Of course, .htaccess's own documentation calls URL rewriting "voodoo"... Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 12, 2017 Share Posted January 12, 2017 @@MrPhil That's my mistake then. I was under the impression that the [L] flag was to tell Apache stop processing that pass and go to the next condition and rule. I didn't realize it was telling it to go back to the start. Take care Bill Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 12, 2017 Share Posted January 12, 2017 @@MrPhil Because I'm curious, can't Rain @@rsilverhawk use something like this to help prevent hotlinking and to save from rewriting: <IfModule mod_images.c><FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">Order allow,denyDeny from all</FilesMatch></IfModule><IfModule mod_files.c><FilesMatch "(^$|^favicon.ico$|.*.(jpg|jpeg|gif|png)$)">Order allow,denyDeny from all</FilesMatch></IfModule> And if using something like cPanel, can't he use their hotlinking protection function? Take care Bill Link to comment Share on other sites More sharing options...
MrPhil Posted January 12, 2017 Share Posted January 12, 2017 My understanding of [L] is that it means "stop this pass, and if the URL has changed, process the new URL from the top of this .htaccess". Your URL will be processed over and over until it stops changing (or the server decides it's in a loop). [L] just lets it do this restart a bit earlier. It's not very clear -- I wish they would rewrite this stuff to allow a real scripting language, or even a script of my choosing (e.g., in PHP). Regarding the hotlink protection, I have seen code something like you give, but most people prefer to use the whitelist RewriteCond/file extension test & kill RewriteRule. Actually, come to think of it, how do you control who is allowed to access these files? Does it allow only your site to access such files, and exclude everyone else? If so, an advantage of the RewriteCond/Rule method would be that you can specify a whitelist of other sites allowed to access the files. For example, you can let some forums (like this one) display your logo image. Also, the FileMatch patterns look a little clumsy, and why are two separate sets required? And what do you mean by "save from rewriting"? If the RewriteRule triggers a 403, that should be the end of the story -- all stop. You can certainly use cPanel's hotlink protection, but it the last time I used it (10 or so years ago) it was rather clumsy and inefficient. Once you know the basic pattern to the code, it's a lot easier to write it manually. Other control panels presumably have something similar. Link to comment Share on other sites More sharing options...
ecommunlimited Posted January 13, 2017 Share Posted January 13, 2017 @@MrPhil You asked "Actually, come to think of it, how do you control who is allowed to access these files? Does it allow only your site to access such files, and exclude everyone else?" As for me and my site, I have access to them and it excludes others. You can still whitelist others with the RewriteCond/Rule if you choose to. Although it seems to me, you shouldn't have to whitelist your own site. That should be automatic. So if only you are allowed access, there's no need to trigger a 403. Whitelisting your site seems to be an un-need rule. It just one more thing to read and a chance to potentially slow rendering down. It didn't seem (from his original code) that he was allowing others access. So why trigger a 403? You said "the FileMatch patterns looks a little clumsy, and why are two separate sets required?" The code can be organized better and someone should be able to combine the two. It don't think it would take much to do it. I mentioned the cPanel's hotlink protection because it has the basics needed for the protection. It's a good starting point for basic and quick protection. Although it's not perfect, once the code is there, it can be improved upon as you mentioned. It can also be be quicker time wise that creating your own code since it has the beginning building blocks for what his system requires. His cPanel hotlinking protection most likely has the ability to match the rest of his system. He's having issues in these areas, so why add more to it. http://www.oscommerce.com/forums/topic/410626-htaccess-problems/?p=1752054 I hope all of this make sense. Take care Bill Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.