views:

55

answers:

1

I'm doing some web design for a friend and I noticed that everywhere else on her site images will load fine except for the subdirectory I'm working in. I looked in her .htaccess file and sure enough it is setup to deny people from stealing her images. Fair Enough, except the pages i'm working on are in her domain and yet I still get the 403 error. I'm pasting the .htaccess contents below but I replaced the domain names with xyz, 123 and abc.

So specifically the page I'm on (xyz.com/DesignGallery.asp) pulls images from (xyz.com/machform/data/form_1/files) and it results in a forbidden error.

RewriteEngine on
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTP_REFERER} !^http://xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/data/form_1/files/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://123.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://123.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://123.xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://123.xyz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/data/form_1/files/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com$      [NC]

RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
deny from 69.49.149.17
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^ArtGraphics\.html$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^ArtGraphics\.asp$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Gear\.asp$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Gear\.html$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^NewsletterSign\-Up\.html$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^NewsletterSign\-Up\.asp$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^KidzStuff\.html$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^KidzStuff\.asp$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]

RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]
A: 

I'll bet its a syntax error in one of the directives, that you may have corrected when substituting www.xyz.com.

If you have access to httpd.conf, you could set up the RewriteLog and RewriteLogLevel directives to get a sense of what's going on when you try to load the images. You should be able to identify the offending line pretty easily. (Be sure to remove those directives once you're done.)

If you don't have access to httpd.conf, you can eliminate the lines one by one until you find the offender.

(Once that's all done, you could probably simplify that .htaccess file quite a bit. Most of those rewrite conditions are redundant. Easy for tiny errors to sneak in and not get noticed)

anschauung