Image Comment - Forbidden

I've been helping a friend with the installation and maintenance of a site [RCHS Image Archive] (https://rchsimagearchive.org.uk/) and have struck a "weird" problem. We also have a development copy of the site run with a totally different hosting provider (123Reg) and the issue does NOT apply there.

We've enabled comments on the live site - so far only for logged in users while we iron any wrinkles out. The site is based on ZenPhoto with ZPBootstrap - then heavily configured (or lightly customised) to the needs of the society.

Posting Comments on albums works fine, posting comments on images returns a 403 - forbidden. I've "repaired" the database, re-installed ZenPhoto, tried changing ownership of images to myself, all give "403 - Forbidden". There is nothing in either the Apache Server logs nor in Zenphoto logs to say what the issue is.

Next step is to turn off HTTPS, capture the live traffic (wireshark) and see what the actual POST or GET is, but if anyone has any thoughts on why comments on Albums is fine but comments on an Image are forbidden, there may be a Christmas beer in it for you!

Comments

  • acrylian Administrator, Developer

    That's usually related to file/folder permissions, either wrong or too strict for the server or the wrong user. Take a look here:
    https://www.zenphoto.org/news/permissions-for-zenphoto-files-and-folders/

  • Thanks - I'll have a look - when I re-ran "setup" I did relax permissions from "strict" to "relaxed" but appreciate that may not have percolated down to existing files / folders (and/or the web server may not accept ZP telling it what to do!)

  • acrylian Administrator, Developer

    Yes, Setup tries to set them correctly but it does not work on all servers as all as different.

    It will for example not work if the user zenphoto runs under is no the owner of the files (see the article I linked). That sometimes happens when for example FTP you are using to upload has a different user than the scripts-

  • This is weird!

    I've done a traffic capture "on the wire", both GET and POST are correctly formatted and all the parameters match between the four examples below

    "GET {site root}/name-of-album/"
    Returns the album as a correctly formatted web page with comment box etc

    "GET {site root}/name-of-album/Image1.jpg"
    Returns the image from that album, correctly formatted with comment box etc

    "POST {site root}/name-of-album/ {various POST parameters}"
    Adds comment, then returns the album as a correctly formatted page including that comment

    "POST {site root}/name-of-album/Image1.jpg {various POST parameters}"
    FORBIDDEN

    I can't see anything that "GET" image works and "PUT" image is forbidden. I need to get my head around the PHP rewrite process...

  • Turning off "mod rewrite" under url options and it works! Still investigating...

  • acrylian Administrator, Developer
    edited January 2022

    Folder permission are actually not related to modrewrite and rewriting. Rewriting is just a kind of "masking". There is a lot involved and if you can't see images that is probably related to image processing as well which does not use modrewrite at all.

    Turning off "mod rewrite" under url options and it works! Still investigating...

    Perhaps your server does not support modrewrite (does really any webhost does not have that nowadays, despite non Apache servers?). Or the htaccess was not in place or not correct.

Sign In or Register to comment.