TOPIC:

403 instead of image 3 months 3 days ago #1

  • meulie (Topic Author)
Hi,

Guests & I see all these 403's instead of the images, but the image does show when clicked on that 403.

Example: genealogy.meulie.net/tree/meulie.ged/ind...obus-Petrus-de-Groot

Do I need to make a change in my (nginx) server config?

403 instead of image 3 months 3 days ago #2

  • fisharebest (Administrator)
If you look at the HTTP response headers for the image, it has the message X-Signature-Exception.

The URL for the image contains a "digital signature" - the "s" parameter.

This prevents people from requesting images that they should not see - for example, images without watermarks.
It also prevents attackers from making "resize attacks", where they request the image resized to every possible height/width combination.

Not 100% sure why you are getting a mismatch error.
Perhaps your URLs are being truncated?

Can you look in the database? In the table wt_site_setting there is an entry for "glide-key".
This should be lots of random characters.
You could try deleting this entry - it should be recreated automatically.
Alternatively, try setting your own random entry.
Greg Roach - fisharebest.webtrees.net

403 instead of image 3 weeks 6 hours ago #3

  • meulie (Topic Author)
I don't think the URLs get truncated. They're not _that_ long...

When I delete glide-key from wt_site_setting it does indeed get recreated. It doesn't solve the problem though.

403 instead of image 2 weeks 6 days ago #4

  • fisharebest (Administrator)
> I don't think the URLs get truncated.

The problem is that your webserver truncates the URL before passing it to PHP.

So, PHP only sees the first part of the URL.

It is a well-known problem. Some webservers have quite low defaults for max-url-length.

What webserver do you use?
Greg Roach - fisharebest.webtrees.net

403 instead of image 2 weeks 5 days ago #5

  • meulie (Topic Author)
I use nginx, version 1.21

403 instead of image 2 weeks 2 days ago #6

  • fisharebest (Administrator)
I cannot think what is causing this.

Are you a PHP programmer? I could tell you where to add debug code, etc.
Greg Roach - fisharebest.webtrees.net

403 instead of image 5 days 5 hours ago #7

  • meulie (Topic Author)
I'm not a PHP programmer, but I do know my way around programming languages etc, so I'd love to give it a try.

How can I start debugging this?

403 instead of image 5 days 4 hours ago #8

  • fisharebest (Administrator)
Look at the function MediaFile::signature()

URLs for media files contain various parameters, such as width and height.

We must prevent the client from modifying these. Otherwise a malicious user might try to request every possible combination of height/width, which could lead to a DoS attack.

We do this by adding a "signature" parameter ("s") to the URL. This is a simple MD5 hash of the parameters, plus a secret one ("glide-key").

When we process the URL to generate the image, we check this signature.

For you, the signature in the URL isn't matching the one that we calculate.

The assumption is that the URL has been modified - hence my earlier guesses about truncated URLs. Maybe your server is adding additional parameters?

So, I'd start by reviewing the parameters passed to the signature() function - both when the URL is generated, and again when it is processed.
Greg Roach - fisharebest.webtrees.net
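
The check described in post #8, as an added example that is not part of the original thread and is not webtrees' own code: it signs a set of parameters with MD5 plus a secret key, then compares a generated URL with the URL PHP actually received to show which parameters were dropped, added or changed. The hash input layout, the key, the path and the parameter names (`xref`, `tree`, `w`, `h`, `fit`, `route`) are assumptions constructed for illustration.

```php
<?php
// Illustrative sketch only: this is not webtrees' MediaFile::signature().
// The hash input layout (sorted query string + ':' + key) is an assumption.

/** MD5 over the sorted parameters plus the secret key; "s" itself is excluded. */
function sign_params(array $params, string $key): string
{
    unset($params['s']);
    ksort($params);
    return md5(http_build_query($params) . ':' . $key);
}

/** Verify the "s" of a received URL and report how its parameters drifted. */
function check_url(string $generated, string $received, string $key): array
{
    parse_str((string) parse_url($generated, PHP_URL_QUERY), $sent);
    parse_str((string) parse_url($received, PHP_URL_QUERY), $seen);
    $claimed = (string) ($seen['s'] ?? '');
    unset($sent['s'], $seen['s']);

    return [
        // hash_equals() compares in constant time: (known value, supplied value)
        'valid'   => hash_equals(sign_params($seen, $key), $claimed),
        'missing' => array_keys(array_diff_key($sent, $seen)), // truncated away
        'added'   => array_keys(array_diff_key($seen, $sent)), // appended in transit
        'changed' => array_keys(array_diff_assoc(array_intersect_key($seen, $sent), $sent)),
    ];
}

// Constructed sample data: key, path and parameters are placeholders.
$key    = 'constructed-example-key';
$params = ['xref' => 'M1', 'tree' => 'demo', 'w' => '200', 'h' => '150', 'fit' => 'crop'];
$url    = '/index.php?' . http_build_query($params + ['s' => sign_params($params, $key)]);

$cases = [
    'intact'      => $url,
    'truncated'   => substr($url, 0, strpos($url, '&fit')), // tail of the URL cut off
    'extra param' => $url . '&route=media',                 // a rewrite appended a parameter
    'resized'     => str_replace('w=200', 'w=4000', $url),  // client edited the width
];
foreach ($cases as $name => $received) {
    $r = check_url($url, $received, $key);
    printf("%-12s valid=%-3s missing=[%s] added=[%s] changed=[%s]\n", $name,
        $r['valid'] ? 'yes' : 'no', implode(',', $r['missing']),
        implode(',', $r['added']), implode(',', $r['changed']));
}
```

Only the intact URL verifies; the other three cases fail the signature check, and the `missing`, `added` and `changed` lists show which kind of modification occurred.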
