I have a strange problem with Apache and/or PHP that is driving me nuts.
Before I explain the problem here is everything I know about the environment.
The Environment
OS: Ubuntu SMP x84_64
Apache Version: 2.x
PHP Version: 4.4.9-nmm4
It is a shared hosting plan so I don't have access to a shell.
The Problem
Apache/PHP does not display any pictures if they are referenced by the website itself (<img src="..." />
). All image request return 403 "Forbidden". But if you copy the path of the requested image and browse there directly the image is displayed. No problems at all.
So I can conclude that the image is accessible for Apache. I do use a .htaccess file:
# BEGIN s9y
DirectoryIndex /index.php
<Files *.tpl.php>
deny from all
</Files>
<Files *.tpl>
deny from all
</Files>
<Files *.sql>
deny from all
</Files>
<Files *.inc.php>
deny from all
</Files>
<Files *.db>
deny from all
</Files>
# END s9y
AddHandler php4-cgi .php
As you can see nothing regarding images. No rewrite rules or anything like that.
What I have tried so far
So far I googled a lot and found some hints suggesting that setting the directives EnableSendfile
and EnableMMAP
to Off could help. I tried that but nothing happened. My guess is that I would have to restart Apache for them to take effect. But as I said earlier this is a shared hosting plan. I can't restart Apache.
I hope someone can help me 🙂
Solution
The solution to my problem is very easy. As both answers suggest the problem lies with hot link protection. Weird enough, the protection is made in a another project in the same account for another domain. I removed the hot link protection from the .htaccess file and now it works again.
Special thanks to Igor. He and I worked out the problem in irc. That's the reason why I marked his answer to be the correct answer to my question.
Best Answer
To repeat my question from IRC: What, exactly, does the error log say?
Well, duh. -- With no error-log provided, I used my magical powers to debug this issue (Opera's Dragonfly). I noticed that, lo-and-behold, it was indeed perfectly consistent.
Each image would 403, unless called directly.
I tried to repro on the commandline, and managed to with this:
From this I concluded that there was some Hot-Link protection which obviously used the wrong URL as Referer.