get 403 Forbidden when accessing images from browser
-
Hi All,
I am getting 403 Fobidden error when trying to access directly from URL.
Here is my blog page url :
https://www.modestmoney.com/peer-lending-returns-still-sizzling/Images are displaying in post details page correctly but when i am trying to access the same image directly from url like below then it will giving me
403 Forbidden Error
https://www.modestmoney.com/wp-content/uploads/2015/09/Peer-Lending1.jpgWhen we right click on the post image and open image in new tab then it will be opened as below:
https://www.modestmoney.com/wp-content/uploads/2015/09/Peer-Lending1.jpg?1a2ec8
So the images are accessible when we add ?1a2ec8 parameter but i dont know why its added automatically?
My upload directory has 0755 permission and all the images have 0644 permission. I have installed W3TC plugin.
Can you please advise me on this what should i do to access images directly from the url like: https://www.modestmoney.com/wp-content/uploads/2015/09/Peer-Lending1.jpg
-
Are you using any copy/download/hotlink protection set up via a plugin, .htaccess, or something in your hosting provider’s control panel?
There is no plugin installed for hotlink protection but I am not sure about .htaccess or hosting provider’s end.
In .htaccess which code should I look for checking the hotlink protection? so I can be assure that there is no code for hotlink protection.
What is the contents of you main .htaccess file?
Also, check for one in the /wp-content/ and /wp-content/uploads/ directories.
Here is my
.htaccessfile of root directory.# BEGIN W3TC Browser Cache <IfModule mod_mime.c> AddType text/css .css AddType text/x-component .htc AddType application/x-javascript .js . . . AddType application/zip .zip </IfModule> <IfModule mod_expires.c> ExpiresActive On ExpiresByType text/css A31536000 ExpiresByType text/x-component A31536000 ExpiresByType application/x-javascript A31536000 ExpiresByType application/javascript A31536000 . . . ExpiresByType application/zip A31536000 </IfModule> <IfModule mod_deflate.c> <IfModule mod_headers.c> Header append Vary User-Agent env=!dont-vary </IfModule> AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json <IfModule mod_mime.c> # DEFLATE by extension AddOutputFilter DEFLATE js css htm html xml </IfModule> </IfModule> <FilesMatch "\.(css|htc|less|js|js2|js3|js4|CSS|HTC|LESS|JS|JS2|JS3|JS4)$"> FileETag MTime Size <IfModule mod_headers.c> Header set Pragma "public" Header append Cache-Control "public, must-revalidate, proxy-revalidate" Header unset Set-Cookie Header set X-Powered-By "W3 Total Cache/0.9.4.1" </IfModule> </FilesMatch> <FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$"> FileETag MTime Size <IfModule mod_headers.c> Header set Pragma "public" Header append Cache-Control "public, must-revalidate, proxy-revalidate" Header set X-Powered-By "W3 Total Cache/0.9.4.1" </IfModule> </FilesMatch> <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|woff|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|JSON|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|WOFF|XLA|XLS|XLSX|XLT|XLW|ZIP)$"> FileETag MTime Size <IfModule mod_headers.c> Header set Pragma "public" Header append Cache-Control "public, must-revalidate, proxy-revalidate" Header unset Set-Cookie Header set X-Powered-By "W3 Total Cache/0.9.4.1" </IfModule> </FilesMatch> # END W3TC Browser Cache # BEGIN W3TC Page Cache core <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP:Accept-Encoding} gzip RewriteRule .* - [E=W3TC_ENC:_gzip] RewriteCond %{HTTP_COOKIE} w3tc_preview [NC] RewriteRule .* - [E=W3TC_PREVIEW:_preview] RewriteCond %{REQUEST_METHOD} !=POST RewriteCond %{QUERY_STRING} ="" RewriteCond %{REQUEST_URI} \/$ RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in) [NC] RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L] </IfModule> # END W3TC Page Cache core # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress Options +FollowSymlinks # BEGIN W3TC Browser Cache <IfModule mod_mime.c> AddType text/css .css AddType text/x-component .htc AddType application/x-javascript .js AddType application/javascript .js2 . . . AddType application/vnd.ms-write .wri AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw AddType application/zip .zip </IfModule> <IfModule mod_expires.c> ExpiresActive On ExpiresByType text/css A31536000 ExpiresByType text/x-component A31536000 ExpiresByType application/x-javascript A31536000 ExpiresByType application/javascript A31536000 . . . ExpiresByType application/vnd.ms-write A31536000 ExpiresByType application/vnd.ms-excel A31536000 ExpiresByType application/zip A31536000 </IfModule> <IfModule mod_deflate.c> <IfModule mod_headers.c> Header append Vary User-Agent env=!dont-vary </IfModule> AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress RewriteEngine On RewriteRule ^\.htaccess$ - [F] RedirectMatch 301 /main.php$ https://www.modestmoney.com/ RedirectMatch 301 /thank-you/$ https://www.modestmoney.com/ RedirectMatch 301 /(.*)reviewRead$ https://www.modestmoney.com/ RedirectMatch 301 /(.*)/Apply$ https://www.modestmoney.com/$1/ rewritecond %{http_host} ^modestmoney.com [nc] rewriterule ^(.*)$ https://www.modestmoney.com/$1 [r=301,nc] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*default\.htm\ HTTP/ RewriteRule ^(([^/]+/)*)default\.htm$ https://www.modestmoney.com/$1 [R=301,L] <IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpg "access 1 year" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType text/css "access 1 day" ExpiresByType application/pdf "access 1 month" ExpiresByType text/x-javascript "access 1 month" ExpiresByType application/x-shockwave-flash "access 1 month" ExpiresByType image/x-icon "access 1 year" </IfModule> AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript <FilesMatch ".(js|css|html|htm|php|xml)$"> SetOutputFilter DEFLATE </FilesMatch> <IfModule mod_headers.c> <FilesMatch "\.(js|css|xml|gz)$"> Header append Vary: Accept-Encoding </FilesMatch> </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(css|gif|ico|jpg|jpeg|js|pdf|png)$"> Header set Last-Modified "Wed, 14 Jul 2012 00:00:00 GMT" </FilesMatch> </IfModule> <filesMatch "\.(ico|pdf|flv|jpg|jpeg|gif|js|swf)$"> Header set Cache-Control "max-age=290304000, public" </filesMatch> <filesMatch "\.(png)$"> Header set Cache-Control "max-age=86400, public" </filesMatch> <filesMatch "\.(xml|txt|css)$"> Header set Cache-Control "max-age=604800, public, must-revalidate" </filesMatch> <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)(\.gz)?$"> Header set Expires "Thu, 15 Apr 2012 20:00:00 GMT" Header unset ETag FileETag None </FilesMatch> <Files 403.shtml> order allow,deny allow from all </Files> <IfModule mod_headers.c> # Serve gzip compressed CSS files if they exist # and the client accepts gzip. RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA] # Serve gzip compressed JS files if they exist # and the client accepts gzip. RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA] # Serve correct content types, and prevent mod_deflate double gzip. RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1] RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1] <FilesMatch "(\.js\.gz|\.css\.gz)$"> # Serve correct encoding type. Header append Content-Encoding gzip # Force proxies to cache gzipped & # non-gzipped css/js files separately. Header append Vary Accept-Encoding </FilesMatch> </IfModule> # BEGINNING of EXPIRES ExpiresActive On ExpiresDefault A300 ExpiresByType text/html A5 ExpiresByType application/javascript A604800 ExpiresByType text/css A604800 ExpiresByType image/x-icon A604800 ExpiresByType image/gif A604800 ExpiresByType image/png A604800 ExpiresByType image/jpeg A604800 ExpiresByType text/plain A300 ExpiresByType application/x-shockwave-flash A604800 ExpiresByType video/x-flv A604800 ExpiresByType application/pdf A604800 # END of EXPIRES RewriteCond %{HTTP_REFERER} !^https://modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://old.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://old.modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.old.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.old.modestmoney.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] # Browser Caching FileETag MTime Size <IfModule expires_module> ExpiresActive on ExpiresByType text/plain "access plus 1 week" ExpiresByType text/css "access plus 1 week" ExpiresByType text/javascript "access plus 1 week" ExpiresByType application/javascript "access plus 1 week" ExpiresByType application/x-javascript "access plus 1 week" ExpiresByType image/svg+xml "access plus 1 week" ExpiresByType image/gif "access plus 1 week" ExpiresByType image/png "access plus 1 week" ExpiresByType image/ico "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" ExpiresByType image/jpg "access plus 1 week" ExpiresByType image/jpe "access plus 1 week" ExpiresByType image/jpeg "access plus 1 week" ExpiresByType font/truetype "access plus 1 week" ExpiresByType application/x-font-ttf "access plus 1 week" ExpiresByType font/opentype "access plus 1 week" ExpiresByType application/x-font-otf "access plus 1 week" ExpiresByType application/font-woff "access plus 1 week" ExpiresByType application/vnd.ms-fontobject "access plus 1 week" ExpiresByType application/x-shockwave-flash "access plus 1 week" ExpiresByType application/x-httpd-php-source "access plus 1 week" </IfModule>I don’t see anything in there that would exactly block access to media files, then again there’s a lot in there, something could be conflicting.
Try this:
1. Rename that file to just “htaccess” (remove the dot).
2. Create a new .htaccess file with only the following:
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress3. Did that make any difference?
in my current htaccess file contains the expire headers code and all other stuffs related to W3TC. so if i replace the htaccess file then my site will take much time to load and i am scared about if it will be reset my W3TC settings which i have done.
This is temporary, 1 or 2 minutes at the most. Make the change, test it, put the old .htaccess file back.
This is the only way to know if something in there is causing the problem, besides deleting and testing every single line individually, which would take a lot more than 1 or 2 minutes.
Yes its because of htaccess i am getting 403 forbidden error. I have replace the htaccess as above then i can able to access the images. can you tell me what should i need to make change in my current htaccess.
Ok, with just the WordPress bits above, now configure W3TC again and everything it adds to .htaccess.
Checked after each step, and you should find what’s doing it.
This part is causing it:
RewriteCond %{HTTP_REFERER} !^https://modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://old.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://old.modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.modestmoney.com$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.old.modestmoney.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.old.modestmoney.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]If the referer does not match any of those domains and the file is an image, serve up a 403 forbidden response. https://httpd.apache.org/docs/2.4/rewrite/flags.html
So, get rid of or comment out that section.
Nice catch, Mark!
Thanks a lot for your help man
You guys just ended my 2 days of frustration. THANK YOU all.
- The topic ‘get 403 Forbidden when accessing images from browser’ is closed to new replies.