1995 world gymnastics championships videos.Enjoy Free 888+200 Daily Legal Bonus

Resolved

(@pennymachines)

I have AIOS network installed on a multisite setup. It is blocking (error 403) images in subfolders of my subsites, eg. folder uploads/sites/6/2023/06/image.jpg

I’ve rewritten the .htaccess in WordPress root to fix this and had to deactivate AIOS.

I wonder if there’s something in Settings I’m missing? .htaccess below:


# BEGIN All In One WP Security
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
<Files license.txt>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
<Files wp-config-sample.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
<Files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
ServerSignature Off
LimitRequestBody 10485760
<Files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
<Files debug.log>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
#AIOWPS_DISABLE_TRACE_TRACK_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FIVE_G_BLACKLIST_START
# 5G BLACKLIST/FIREWALL (2013)
# @ https://perishablepress.com/5g-blacklist-2013/

# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|='$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>

# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>

# 5G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
</IfModule>

# 5G:[REQUEST METHOD]
<ifModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
#AIOWPS_FIVE_G_BLACKLIST_END
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://pennymachines\.co\.uk/clive [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
# END All In One WP Security

# BEGIN WordPress Multisite
# Using subfolder network type: https://www.ads-software.com/documentation/article/htaccess/#multisite

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

# END WordPress Multisite
#Custom Error Documents
ErrorDocument 401	/401.shtml
ErrorDocument 403	/403.shtml
ErrorDocument 404	/404.shtml
ErrorDocument 500	/500.shtml

Viewing 15 replies - 1 through 15 (of 17 total)

1 2 →

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago
Hi @pennymachines

Is this is the recent AIOS update issue or you are setting it first time.

I can see the Prevent image hotlinks, 5G rules are on. can you please disable them one by and check which is making issue ?

IF Prevent hotlink is the issue. Is the below main site and do you have subsites under it?
```
https://pennymachines.co.uk/clive
```
Regards
Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

Hi

Thanks for your assistance.

This issue was apparent before the recent update.

I cannot find where to configure image hotlink settings. When the plugin is activated, there is no All-In-One Security sidebar menu in network admin. In the subsites, there is no firewall tab in the WP Security sidebar menu.

I cannot find documentation on this, so would be grateful for some hints.

The URL you posted is to an unused testing subsite. When AIOS writes the ,htaccess, images are blocked on https://pennymachines.co.uk/archive/gallery/ and https://pennymachines.co.uk/museum/

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago

Hi @pennymachines

If you have Deactivated AIOS plugin it might be the case you can not see in sidebar menu of the main site.

Please Go to My sites > Networks Admin > Plugins list there All in one security plugin should be activated already.

Then Go to Mainsite WP Security > Filesystem security > File protection It will have Prevent image hotlink option.

Go to main site WP Security > Firewall > 6G blacklist firewll rules have Enable legacy 5G firewall rules.

Try disable them one by one and check.

Regards

Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

Hi @hjogiupdraftplus

I have the AIOS plugin network activated, but there is no Mainsite WP Security sidebar menu, or any other sidebar menu related to AIOS from my network admin.

There is a sidebar menu called WP Security in my subsites’ sidebar menus, but these have no Firewall submenus.

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago

Hi @pennymachines,

It seems strange, are you sure you are logged in with Super Admin 0r Administrator have manage_options capabilities?

That is the only restriction right now.

Regards

Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

Hi @hjogiupdraftplus

Yes, I’m logged in as Super Admin.

Here’s a screengrab of what I see: https://pennymachines.co.uk/network-grab.jpg
Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago
working screengrab: https://ibb.co/nnY3gpb

Edit to add – it seems (no doubt for other reasons) images are blocked here too! Please copy & past the URL into browser address bar.
- This reply was modified 1 year, 3 months ago by pennymachines.
Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago

Hi @pennymachines

What you sent me is Network Admin there you can not see the WP Security menu. It is ok, It will be visible in the Main site

Go to Sites in that screen shot it will have the – Main as below image

https://snipboard.io/qmdMRD.jpg

For that Main site Dashboard will have WP Security and also. WP Security > Filesystem security > File protection

Regards

Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

Ah, thank you so much for that. I’m used to finding plugin settings in the network and subsite admins. I don’t use the ‘main’ site, so didn’t think of looking there!

Image hotlink protection wasn’t enabled. I’ve enabled it, but this hasn’t caused the 403 issue to recur. Usually all is fine for a while, then suddenly images are blocked. I’ll continue to monitor and report back if necessary. Thank you again for your help.

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago

Hi @pennymachines

Please make sure Image hotlink protection is disabled, It might be the reason 403 error showing for images.

you have sent the .htaccess file code have it as per the below screen shot. other wise remove it from the .htaccess file directly.

https://snipboard.io/1I8FKX.jpg

Regards

Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

OK, thanks. I will try that.

Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

My .htaccess AIOWPS_PREVENT_IMAGE_HOTLINKS_START contained the line: RewriteCond %{HTTP_REFERER} !^http(s)?://pennymachines.co.uk/bandits [NC]

This line remained after disabling image hotlink protection, and it prevented images from showing on my other WP subsites.

When I matched the .htaccess line you gave: RewriteCond %{HTTP_REFERER} !^http(s)?://pennymachines.co\

all pages were broken.

So I’ve removed the complete chunk, as suggested.
Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 year, 3 months ago
Hi @pennymachines

You should remove all lines mentioned below from your .htaccess site.

Make sure you have disabled the Image hotlinking from main site and your .htaccess file is writable.
```
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://pennymachines\.co\.uk/clive [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
```
Regards
Thread Starter pennymachines
(@pennymachines)

1 year, 3 months ago

Thank you. Yes, that’s what I did.

htaccess is CHMOD 644

I’ll report back if the images ‘spontaneously’ get blocked again.

Regards

Thread Starter pennymachines
(@pennymachines)

1 year ago

Hi

The problem spontaneously recurred a few days ago (maybe after a version upadate?)

I made no adjustments to my security settings but find this block inserted into my htaccess:

AIOWPS_PREVENT_IMAGE_HOTLINKS_START

RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} .(gif|jpe?g?|png)$ [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://pennymachines.co.uk/clive [NC] RewriteRule .(gif|jpe?g?|png)$ – [F,NC,L] AIOWPS_PREVENT_IMAGE_HOTLINKS_END

The result is that all images in all my WordPress subsites are Error 403

I checked again Filesystem security, but ‘prevent image hotlinking’ is OFF and WP Security > Firewall > 6G blacklist firewall rules are DISABLED.

The question is why AIOWPS appears to automatically insert this rule which breaks my sites?

Viewing 15 replies - 1 through 15 (of 17 total)

1 2 →

The topic ‘Error 403 on images’ is closed to new replies.