Member
Member
altny   2013-04-08, 20:40
#1

Still working on implementing Zenphoto for the first time. Something that's been an issue for my site since the beginning is that the thumbnail for text objects just don't show up. I'm getting a 403 error when I try to access the image directly. I've played around with permissions, and setting the symlink in the cache and the actual image itself to 777 doesn't seem to help.

You can see it here:

http://staging.altny.com/poba/Poetry/

The theming is only partially done, so it doesn't look right, but you can see the issue with the thumbnail. As an fyi, even if I'm using the included ZenPage theme, I have the same problem. Any ideas on where to look to troubleshoot?

Administrator
Administrator
acrylian   2013-04-08, 21:31
#2

Is that the default image? I have the same issue on my live test site, too. Sadly no idea why. The workaround actually would be to create custom thumbs.

Member
Member
sbillard   2013-04-09, 01:06
#3

Check your file permissions on the cache folder(s). WEB browsers (e.g. the public) must be able to access the files in the folder.

Administrator
Administrator
acrylian   2013-04-09, 09:13
#4

Regarding my server: It is not the cache folder as otherwise other images would not work, too.

I have the suspicion that my server somehow does not like the url the default images is called with:
/zp-core/i.php?a=Test&i=_%7Bzp-core%7D_%7Bzp-extensions_-_class-video%7D_mp4Default.png&w=95&h=95&cw=95&ch=95&t=1&wmk=!&check=27bde58ee25260ceede27a4a68cc6b6559b64618.
Is that meant to look encoded like that? As mentioned on my live server the default thumbs never worked.

Member
Member
sbillard   2013-04-09, 15:52
#5

That is indeed the encoding for the default MP4 default image. I do not see how your server could block that particular link, thought. The form is pretty much the same as for any un-cached image. Maybe your browser is not fetching the link? You should look in the Apache access logs to see if there is a "Get" for it.

Administrator
Administrator
acrylian   2013-04-09, 19:47
#6

A look in the error log told what it is is: Once again modsecurity. (the browser tells me the server responded with 404 therefore). So since I will not be able to talk my host into disabling that, my only way around is creating custom video etc thumbs.

Member
Member
sbillard   2013-04-09, 21:58
#7

Maybe you can ask what triggers the security block. It would be possible to change (somewhat) the link text to these items, but of course we would need to know what is forbidden.

Administrator
Administrator
acrylian   2013-04-10, 08:18
#8

Maybe the error message does already tell? I sent it via mail as it contains some keywords that would probably not be a good idea to post here..;-)

Member
Member
altny   2013-04-10, 13:18
#9

Getting around it in a systemic way would be preferable for me. We will probably have users in the future who are uploading text without knowing how to create custom thumbnails,

Thank you for looking into it!

Administrator
Administrator
acrylian   2013-04-10, 13:52
#10

Yes, although creating custom thumbs for videos (and other "non" images) is not that hard actually:
http://www.zenphoto.org/news/why-does-zenphoto-not-show-a-thumbnail-from-my-video-

Member
Member
sbillard   2013-04-10, 16:05
#11

The error may tell, it is a regular expression match apparently looking for phonograph or SPAM. I will have to analyze it, though, to understand what it is catching in our links.

Member
Member
sbillard   2013-04-11, 01:25
#12

Unfortunately, the regular expression is not completely shown. What is shown would not catch our URIs. Also amusing is apparently this is a "P" preventer, but only if you are looking for P in English.

Seems like a pretty silly rule in the first place. It will catch only a handful of P*** URIs. This is the problem with most over zealous "security" patches. They tend not to accomplish their goals in the first place and then suffer from false positives that prevent legitimate content from working.

Administrator
Administrator
acrylian   2013-04-11, 07:39
#13

I will contact my host and point them to this topic.

Btw, I have "censored" your post a bit for SEO's sake.

Administrator
Administrator
acrylian   2013-04-14, 16:13
#14

My host didn't give me further info about the rule but they deactivated it for my account. So for me at least all works again but I cannot test the recent change anymore to have any impact..

Member
Member
sbillard   2013-04-14, 17:14
#15

Well, I suppose it is good that they are not running the rule for you. But too bad on the other account. I guess anyone having this issue should just contact their hoster.

Administrator
Administrator
acrylian   2013-04-14, 19:20
#16

Maybe it is just a basic issue with "general rules" that they are general...

Member
Member
altny   2013-04-18, 19:46
#17

acrylian - I think I missed something. Which rule should I ask my host to deactivate?

Thank you for looking into it.

Administrator
Administrator
acrylian   2013-04-18, 20:28
#18

You need to ask your host about server security measures active like modsecurity. That is or are extensions to the server. On my host they deactivated a rule that triggered here.

But of course it might be something different on your host.

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.