Featurific Support
Working with .htaccess files - Printable Version

+- Featurific Support (http://featurific.com/support)
+-- Forum: General Support (/forum-3.html)
+--- Forum: General Support (/forum-11.html)
+--- Thread: Working with .htaccess files (/thread-182.html)

Pages: 1 2

Working with .htaccess files - jeckert - 09-30-2010 04:25 AM

Hi -- I recently installed Featurific Pro, and I'm loving it. I just put my Wordpress blog behind the security features on our campus though, and started running into problems. Luckily, I found out how to allow the flash image uploader to operate correctly by entering the following into the .htaccess file:

Quote:<FilesMatch "(async-upload\.php)$">
Satisfy Any
Order allow,deny
Allow from all
Deny from none

I'm trying to figure out what FilesMatch string to use to allow the FP files the access they need. I'm afraid I'm not a wiz at RegEx yet -- can I just ok an entire directory?

RE: Working with .htaccess files - rinogo - 10-01-2010 03:10 AM

Hi there, jeckert!

Thanks for your post, and for your enthusiasm for Featurific! Smile Can you send me the URL (PM it if necessary) so that I can take a closer look? Also, can you describe a bit more about what problems you're having? Are the Featurific files simply inaccessible? Have you tested to see which ones in particular are inaccessible?

I'm not familiar with your campus' existing htaccess policies, so I can't provide 100% certainty, but you *should* be able to provide access to the entire featurific-for-wordpress directory safely. There's nothing sensitive in there.

Thanks again for your comment, and have a great day! Please let me know how else I can help out! Smile

RE: Working with .htaccess files - jeckert - 10-02-2010 01:47 AM

Hi Rinogo,

I've sent the link to you via PM.

The images are accessible directly -- I can go to the image that should be showing in the rotator by typing its address into the address bar of the browser.
The featurific files are also accessible -- the read/write/execute permissions are as loose as can be. The issue is that after I placed the site behind the security system, any images I uploaded into Wordpress since making the switch don't make it into the Featurific display.

I'm assuming there's an issue with the way Featurific is calling for those images. The only two changes that have occurred between "working" and "not working" is adding redirect lines to the .htaccess file to make /wordpress/ appear as the root, and adding the require user lines that interact with the UW NetID Authorization system for anything that attempts to access (~/wordpress/wp-admin), (~/xmlrpc.php), or (~/wp-login.php) without one is denied, thus the FilesMatch line in the code for the flash uploader.

After a little more digging (and breaking things) and RTFM'ing, I came across this:
Quote:= Featurific works, but none of the images load. Help! =
In most cases, this issue is related to hotlink prevention measures taken by a web host. To make a long story short,
Flash (Actionscript 3.0) doesn't send the HTTP-REFERER HTTP header, which causes some web servers to erroneously conclude
that Featurific is attempting to [hot-link](http://en.wikipedia.org/wiki/Inline_linking) an image. So, these servers
block Featurific's image requests and the images do not appear. To fix this issue, try disabling 'hot link' or 'leech'
protection in your CPanel or PLESK control panels. If that does not work, try contacting your web host and explain that
you need hotlink protection disabled.
Now hotlinking isn't disabled, but I *do* know that the HTTP Authorization plugin they need us to use to interact with the user/password system requires a call to the HTTP-REFERER. Since that isn't sent with Flash, I'm now presuming that's the problem. My campus IT seems to think it is an issue with the redirect.

I have another website that is a clone of this without the user/password setup that the University uses, where I've been following the same installation steps up until adding the additional .htaccess work. It has retained all functionality -- I can upload photos to new posts tagged "featured posts" and have them show up fine in the rotator.

But here's the real kicker:

Turning off the redirect which reveals the /wordpress/ directory doesn't fix the issue.
Commenting out the file access lines also doesn't fix the issue.
Deactivating the HTTP Authorization plugin (in combination with commenting out the file access lines) also doesn't fix the issue.

The MySQL database is in its own directory from the root, so I know the redesign isn't affecting any of the blog internals.

I'm going to try a reinstall of the plug-in today after I back up the XML files again. I'll let you know how it goes, since I'm fairly sure we're in drastically different time zones. Smile


p.s. I've learned squat as far as apache goes, so any explanations involving working with the .htaccess file are probably going to have to be spelled out for me. I'm doing the learn-as-you-go thing I'm afraid.

RE: Working with .htaccess files - jeckert - 10-05-2010 11:29 AM


Did a deactivate/reactivate. No change.

Did an uninstall/reinstall. No change.

I'm 99.9% certain that this is an issue with the HTTP_REFERER that our authorization plugin requires. I am prepared to whitelist anything that your program uses. However, I'm unsure how to do that.

I can force the following error by attempting to use <DirectoryMatch> like I am <FileMatch>

DirectoryMatch in .htaccess:
Quote:<DirectoryMatch "(/wordpress/wp-content/plugins/featurific-for-wordpress)$">
Satisfy Any
Order allow,deny
Allow from all
Deny from none

Error produced:
Quote:Warning: file_get_contents(http://XXX/wordpress/wp-content/uploads/2010/09/myj-Custom1.jpg) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /XXX/wordpress/wp-content/plugins/featurific-for-wordpress/featurific.php on line 2132

Warning: file_get_contents(http://XXX/wordpress/wp-content/uploads/2010/06/RapidRide1.jpg) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in XXX/wordpress/wp-content/plugins/featurific-for-wordpress/featurific.php on line 2132

Warning: file_get_contents(file:///C:/DOCUME%7E1/Admin/LOCALS%7E1/Temp/moz-screenshot.png) [function.file-get-contents]: failed to open stream: No such file or directory in XXX/wordpress/wp-content/plugins/featurific-for-wordpress/featurific.php on line 2132

I'm assuming that I've borked the .htaccess file in this example which forces the error return. Removing the <DirectoryMatch> line returns things back to normal.

I think I need the Apache command to whitelist either the directory, or whatever file uses "file_get_contents".

Adding featurific.php to the <FilesMatch> appears to not remedy the problem.

In searching through the PHP, here's 2130-2132:
Quote://If the image is on a different domain, we can't access it from Flash 9 directly, so we've got to load it by proxy (save locally via PHP).
else {
$image_data = file_get_contents($image);

This confuses me though -- I've got the *exact same* redirect on site #2, which appears in my .htaccess thus:

Quote:# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /XXX/wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /XXX/wordpress/index.php [L]

# END WordPress
Given that the redirect is identical in both cases and is only giving me grief in one of the cases, I'm siding with the HTTP_REFERER issue, but I'm pretty wet behind the ears at this sort of thing. Admittedly, from the error it's giving us, it could be an issue with the redirect....but I'm not really sure.

RE: Working with .htaccess files - jeckert - 10-06-2010 04:14 AM

And opening the page in IE8 returns the following error:

Quote:SecurityError: Error #2122: Security sandbox violation: Loader.content: http://xxx/wordpress/wp-content/plugins/featurific-for-wordpress/FeaturificFree.swf?&lzproxied=false cannot access https://xxx/wordpress/wp-content/uploads/2010/09/kmitch4.jpg. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
at flash.display::Loader/get content()
at featurific::ScreenImage/::initListener()

Pretty sure it's an .htaccess issue now.
Quote:<FilesMatch "(async-upload\.php|wp-cron\.php|xmlrpc\.php|FeaturificFree\.swf)$">
Satisfy Any
Order allow,deny
Allow from all
Deny from none
So I added FeaturificFree to the FilesMatch...but all of the files I have listed there are in the same directory as the .htaccess file (~/wordpress/) with the exception of FeaturificFree.swf which is in (~/wordpress/plugins/featurific-for-wordpress/). I've confirmed Apache 2.2.1.

So I guess all I would need is the line that would add the featurificfree.swf to the list of exceptions in the .htaccess file at (~/wordpress/). I'm afraid I don't know the syntax.

RE: Working with .htaccess files - rinogo - 10-06-2010 08:20 AM

Hi jeckert!

Thanks for all of your deep research about all of this! And I'd like to give a big, "AH-HAH!":

Now that you've restored the image on that post and refreshed the XML, I'm fairly certain I know what the problem is. Featurific is attempting to load the image located at:


Notice that this image is being accessed via SSL (https://...). HOWEVER, the webpage (and associated FeaturificFree.swf file) are being loaded via an unsecured connection (non-SSL, aka non-https:// (regular http://)). This is causing the image to be inaccessible.

If you access the page via SSL, the problem is fixed!


So, there are a few possible solutions here:
1. Always access the site via https. (not the best solution)
2. Load FeaturificFree.swf via SSL (should fix the problem)
3. Access the image via a non-SSL connection.
4. I'm sure there are other possible solutions.

Do you have any thoughts on which would be easiest to do in your current configuration? A simple change to featurific.php should be enough to implement one of these solutions (except for #1, of course).

I'm glad that everyone is excited about Featurific and the new site! Smile

Hope to hear from you soon,

RE: Working with .htaccess files - jeckert - 10-06-2010 08:32 AM

You are a lifesaver.

1. Isn't an option, I'm afraid. The intention is a public-facing website. I've only got the administrative functions behind the SSL.
2. How would I do that?
3. I think that's the workaround we've been using -- uploading it to our FTP site and linking to the image via non-SSL URL. That makes a lot more sense now. This solution isn't ideal, however. I'm trying to eliminate the need for as much instruction as possible. I've got a tech-savvy assistant in the office now who understands "ftp this here and link via URL" as a line of instruction, but I lose her come winter and would like a more accessible solution. With staff turnover and budget cuts being what they are, there's no guarantee that I won't have to do this annually. Smile


RE: Working with .htaccess files - rinogo - 10-06-2010 08:40 AM

Hi Joe,

I'm glad we're making some progress! I guess the real question is - why do you think the images are being stored in Wordpress in such a manner that they are being served up via SSL? One clue is that when you access the blog post itself, the images are being served via SSL even if the post itself is accessed via regular old http.


RE: Working with .htaccess files - jeckert - 10-06-2010 09:16 AM

(10-06-2010 08:40 AM)rinogo Wrote:  Hi Joe,

I'm glad we're making some progress! I guess the real question is - why do you think the images are being stored in Wordpress in such a manner that they are being served up via SSL? One clue is that when you access the blog post itself, the images are being served via SSL even if the post itself is accessed via regular old http.

Our net authentication system requires an SSL connection, which is triggered via the .htaccess file. In order to access xmlrpc.php, which is used by async-upload.php, which in turn is necessary to operate the flash uploader that comes with Wordpress, I had to put a line that allowed async-upload.php access without authentication (the FileMatch argument at the top of this post). That's what I know.

Here's a guess? So the async-upload is likely using SSL to put the files into the gallery without having the authorization required of it. I'm wondering if it is carrying over the SSL status from the upload? But really, beats the hell out of me.

What I *can* tell you is that any post made before I called the net authentication system via the .htaccess is listing the address of images as "http://" which are also those images that are functioning in the Featurific currently. At the very least, I've got another set of keywords to Google. Smile


RE: Working with .htaccess files - jeckert - 10-07-2010 02:30 AM

Removing the "s" from "https://blahblahblah" in the URL from the Wordpress image manager doesn't change anything (although you can successfully visit http://blahblahblah and see an image now).

I've also disabled the security for the xml-rpc file to no avail.

Curiously, removing the "s" causes IE8 to stop reporting the error above.