arethinn
I am just tearing my hair out over trying to host the pictures for my custom mood themes on my own website rather than in LJ ScrapBook, which is where they currently are. (I'm considering letting my paid account lapse, so ScrapBook would go with that. Technically you don't get custom mood themes with a basic account, but if you have one already in place, it's supposed to stick, although you can't make further changes to it.) If I turn off hotlinking protection, everything is hunky-dory, but I want that on. And I can't seem to enter anything in the allowed referers list that actually works and lets the images appear. It won't take input like .insanejournal.com; it apparently has to be a full URL beginning with http://, and besides that, http://www.insanejournal.com doesn't make it work anyway. I can only assume that the actual http request is coming from some other server name, but I can't figure out what. (I happened to be testing on IJ because I want it to work there too, but my recollection is of having similar problems on LJ the last time I tried this with hotlink protection. I assume the same will be the case on Dreamwidth.) edit 2: No, in fact, the case is that the referer changes to match the account name of the person reading their flist. (I could add my own journal name to the list but it would only work if someone viewed the journal directly.) With wildcard entries simply getting erased if I try to add them to the whitelist, I can't see how it's feasible to add all possible referers. Argh.

I really don't want to do something like start a Photobucket account just for this. There should be a way to make this work but I am just at my wits' end.

edit 1: Really, I suppose I could learn to live without the mood themes; most of the time I forget to set a mood on posts anyway. But I need a place to stick pictures when I just want to display them in my journal, which is the other main thing I use ScrapBook for. I suppose if it came to it I could stick them in my deviantArt scraps or flickr or something, but it doesn't seem like the "right" solution somehow.

Date: Mar. 9th, 2010 09:03 pm (UTC) From: digitalsidhe.livejournal.com
Do you have access to the web server logs on your site? If so, can you see what shows up in the referrer field when you try browsing your page? That may clue you in on what to put in the configuration.

Date: Mar. 9th, 2010 09:26 pm (UTC) From: starlightforest.livejournal.com
/pics/combohpmoods/annoyed.jpg
Http Code: 403 Date: Mar 09 14:32:43 Http Version: HTTP/1.1 Size in Bytes: 634
Referer: http://www.insanejournal.com/manage/moodthemes.bml
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)


Yet, as I said, entering http://www.insanejournal.com in the list of allowed referers doesn't seem to help. Entering the entire page through to .bml would be useless, I think, because most of the referers are going to be X random journal URL that I can't control, yeah?

edit: I was hoping to discover it'd be something non-obvious like how livejournal serves a bunch of images off l-stat.livejournal.com, or something like that, but ...
Edited Date: Mar. 9th, 2010 09:28 pm (UTC)

Date: Mar. 9th, 2010 09:44 pm (UTC) From: digitalsidhe.livejournal.com
Okay. I think I'm going to need more info. First off, let me make sure I understand exactly what you're trying to do:

You have a custom mood theme on your IJ account. You want to have the images for this theme be on your own server, and you want them to be visible when referenced from... let's say, from any page in the *.insanejournal.com/* namespace. However, if they're hotlinked from anywhere else, the viewer should get whatever error message is normally supplied by the hotlinking protection.

Have I got that right?

Assuming I do:

What server software are you using? (The log entries you showed me don't seem to be from Apache.)

What hotlinking blocker are you using?

FWIW, my LJ account still has a custom mood theme, and I can show you the sorts of referrer values I wind up with. It tends to look something like:

http://starlightforest.livejournal.com/friends
http://someuser.livejournal.com/friends?skip=35
http://otheruser.livejournal.com/friends/Some+Filter

And so on.

Date: Mar. 9th, 2010 09:42 pm (UTC) From: starlightforest.livejournal.com
Yeah... if I actually save one of the mood pics as one of the forbidden ones, this is the error:


/pics/combohpmoods/angry.jpg
Http Code: 403 Date: Mar 09 15:33:09 Http Version: HTTP/1.1 Size in Bytes: 632
Referer: http://elethian.insanejournal.com/167159.html
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)


I think when someone views their friends page, the referer is theirname.insanejournal.com, and not mine... so

oh! Yeah, lol. Test post happily obliged me with some sample errors for that:

*


/pics/combohpmoods/angry.jpg
Http Code: 403 Date: Mar 09 15:40:56 Http Version: HTTP/1.1 Size in Bytes: 632
Referer: http://redqueenmeg.livejournal.com/friends
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)


There's no way I can enter all the possible referers for this kind of thing.

Ugh.

Looks like my choices are "turn off hotlink protection" (which... that annoyed me, the places I found my bandwidth being stolen the last time I looked; I wasn't anywhere near over quota, but still) or "find a service just for this purpose". Yuck.

Date: Mar. 9th, 2010 09:47 pm (UTC) From: digitalsidhe.livejournal.com
> There's no way I can enter all the possible referers for this kind of thing.

Depends. Your hotlink blocker may have a wildcard feature. If so, *.insanejournal.com/* ought to work (assuming the configuration syntax uses asterisks, of course; let me know if you need a regex or something).

Date: Mar. 9th, 2010 09:53 pm (UTC) From: starlightforest.livejournal.com
> Depends. Your hotlink blocker may have a wildcard feature. If so, *.insanejournal.com/* ought to work

As I said in the OP, it seems to accept only full http:// ... items in the list. I've tried things with asterisks and also .insanejournal.com (with nothing leading) and they just vanish. I could try a regexp if you could supply one but I'm not very confident. (Experience with my usual attempts at wildcards being defeated was how I arrived at "and it's not feasible to enter all possible referers [manually].")

I don't know what the software actually is called (it just says "HotLink Protection" in Cpanel); I don't have that much control over the server. (They are running Apache but the format/syntax of the errors in the "Most recent 300 visitors" page I'm pasting from may be different.)
Edited Date: Mar. 9th, 2010 09:59 pm (UTC)

Date: Mar. 9th, 2010 10:09 pm (UTC) From: digitalsidhe.livejournal.com
> I've tried things with asterisks and also .insanejournal.com (with nothing leading) and they just vanish. .... (Experience with my usual attempts at wildcards being defeated was how I arrived at "and it's not feasible to enter all possible referers [manually].")

Oh. Well, crappity. :(

Ummmm... send a tech support request to your web hosting provider? I'll happily supply a regex, if you want, but I have trouble imagining that it would work. It sounds like they're sanitizing the data as you provide it, and would just strip out or reject it somehow.

(And kudos to them on the sanitizing; it may be annoying to us at the moment, but at least they're handling data properly instead of just taking any old thing and attempting to interpret it in some weird manner later.)

Date: Mar. 9th, 2010 10:41 pm (UTC) From: starlightforest.livejournal.com
> Ummmm... send a tech support request to your web hosting provider?

That was the only other thing I could think of either. I dunno if solving this kind of problem is included in the support they provide, but it might be worth a shot.

Date: Mar. 9th, 2010 10:46 pm (UTC) From: digitalsidhe.livejournal.com
My thought on that score was that they might either be able to say, "Oh, yes, we know about this problem. The solution is X", or "Oh, yes, we know about this problem, and we know that there is no solution." Either way, the situation gets resolved.

Date: Mar. 9th, 2010 11:10 pm (UTC) From: starlightforest.livejournal.com
I imagine from their perspective it is not a "problem" exactly: I turned on hotlink protection, and it works. lol. And of course in the latter case it leaves me with the original issue of where do I put images I want to use on LJ/IJ/DW, if not in ScrapBook.

Anyway, thanks for your help!

Date: Mar. 10th, 2010 12:30 am (UTC) From: starlightforest.livejournal.com
Official answer: "It's not robust enough to do wildcards for referrers. The best you can do is exempt a directory from the protection while protecting another directory."

It looks like what this tool is actually doing is writing me an .htaccess file in my root web directory without my having to know how to do that. If I understand right, all I should need to do is put another .htaccess file in the subdirectory I want "open" which doesn't do this blocking? (Learning the proper syntax is another problem, but doable.)

Date: Mar. 10th, 2010 12:45 am (UTC) From: digitalsidhe.livejournal.com
Possible. Theoretically possible. Can you read that .htaccess file? Can you write changes to it?

If you can do both of those things, can you send me a copy?

You can harmlessly test to see if you can write changes to it by adding a comment line, such as:

# This is a comment

Apache reads any line beginning with # as a comment.

If that works out, we might be able to make this work. Might.

Date: Mar. 10th, 2010 01:13 am (UTC) From: starlightforest.livejournal.com
Sure, works fine. This is what's in there now:




I thought that just putting blank ones lower down would override it and say "that stuff you inherited from public_html, well forget all of it, it don't apply in public_html/pics/moodtheme" and that therefore image linking would work in that directory, but that appeared not to be the case. Seems I'm not understanding how .htaccess works and it needs to be specific commands.
Edited Date: Mar. 10th, 2010 01:21 am (UTC)

Date: Mar. 10th, 2010 01:23 am (UTC) From: digitalsidhe.livejournal.com
Okay, we can make this work. Definitely. This is standard Apache mod_rewrite stuff.

I'll need to actually look up the reference on it when I have a chance. I don't use this kind of thing so often that I can just whip out a fix right here at work. Is your LJ account going to expire super-soon, or have I got a couple of days?

As for putting something lower down, you could put a .htaccess file in the directory you wanted to un-protect and have it say something like "RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - just go ahead and hand them the image" to override the higher-up one. But you'd need an explicit rule, not just a blank file. I could look up the code for that, but I suspect you actually want it to only allow access from IJ (in addition to eristic.net).

Date: Mar. 10th, 2010 01:35 am (UTC) From: starlightforest.livejournal.com
> Is your LJ account going to expire super-soon, or have I got a couple of days?

It's actually the IJ account which is the limiting factor as the soonest expiration (since I won't be able to edit the image URIs in its custom moodtheme thereafter), but that's not until March 17th. This LJ account isn't due until May sometime and elethian's (from which I would also need to snarf back my images) is way out in November or something.

> As for putting something lower down, you could put a .htaccess file in the directory you wanted to un-protect and have it say something like "RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - just go ahead and hand them the image" to override the higher-up one. But you'd need an explicit rule, not just a blank file. I could look up the code for that, but I suspect you actually want it to only allow access from IJ (in addition to eristic.net).

Strictly speaking, yes (IJ, LJ, and DW), although it would be fine to have those directories generally open for now and change it to a more strict command later.

Date: Mar. 15th, 2010 07:19 am (UTC) From: starlightforest.livejournal.com
With the aid of a couple mod_rewrite sites I think we worked it out. Basically just added lines for .insanejournal.com, etc. ( .. and so on) into the .htaccess file that's in the pics directory in question. This may not be quite the "right answer" in terms of perfect security (for one thing, you could hotlink to those images to make your own moodtheme or use as journal pics) but I think it's ok for my purpose and I could possibly mess about with it later.
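
The referers logged in this thread, checked against three matching strategies: exact prefixes (all the control panel form accepted), an anchored subdomain pattern, and a loose substring match. This is an added example, not part of the original thread and not the poster's actual .htaccess; the domain allowlist, the prefix entries and the three constructed referers are assumptions. The anchored pattern uses only regex constructs that Apache's PCRE-based mod_rewrite also accepts.

```python
import re

# Domains named in the thread as legitimate embedders (assumed allowlist).
ALLOWED_DOMAINS = ("insanejournal.com", "livejournal.com", "dreamwidth.org", "eristic.net")

# Anchored host match: the domain itself or any subdomain, then a port, "/" or end.
# Anchoring both ends of the host is what keeps lookalike hosts out.
ANCHORED = re.compile(
    r"^https?://(?:[a-z0-9-]+\.)*(?:"
    + "|".join(re.escape(d) for d in ALLOWED_DOMAINS)
    + r")(?::\d+)?(?:/|$)",
    re.IGNORECASE,
)

# Unanchored substring match, shown only as the weak form to avoid.
LOOSE = re.compile(r"insanejournal\.com", re.IGNORECASE)

# Exact-prefix entries, the only kind the control panel form accepted (assumed values).
PREFIXES = ("http://www.insanejournal.com/", "http://eristic.net/")

def prefix_allows(referer):
    return referer.startswith(PREFIXES)

def anchored_allows(referer, allow_empty=True):
    # Browsers often send no Referer at all; whether to serve then is a policy choice.
    if referer == "":
        return allow_empty
    return ANCHORED.match(referer) is not None

def loose_allows(referer):
    return LOOSE.search(referer) is not None

# The first four referers are quoted from the thread; the last three are constructed.
SAMPLES = [
    "http://www.insanejournal.com/manage/moodthemes.bml",
    "http://elethian.insanejournal.com/167159.html",
    "http://redqueenmeg.livejournal.com/friends",
    "http://someuser.livejournal.com/friends?skip=35",
    "http://insanejournal.com.example.net/page.html",
    "http://example.net/?from=insanejournal.com",
    "",
]

def report():
    return [(r, prefix_allows(r), anchored_allows(r), loose_allows(r)) for r in SAMPLES]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The prefix list passes only the first sample, the anchored pattern passes every per-user journal URL while rejecting both lookalikes, and the loose match accepts the lookalikes it should refuse.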

Date: Mar. 15th, 2010 03:58 pm (UTC) From: digitalsidhe.livejournal.com
Gah, sorry about not getting back to you on this sooner.

Did you copy the .htaccess file to the image directory, then add the new line(s) to what was already there? Or did you just make a new .htaccess file with just those new lines, and nothing else?

The former should work. The latter should not. But if you've tested it and found it to work, then that's good.

As far as keeping anyone else from making their own mood theme using it... I can't see a way to do that. Allowing hotlinking does allow hotlinking, so...

But I suspect the risk is low (and if someone tried it, you could always swap out the images for something that makes them look like horrible hotlinkers).

Date: Mar. 15th, 2010 06:22 pm (UTC) From: starlightforest.livejournal.com
> Did you copy the .htaccess file to the image directory, then add the new line(s) to what was already there?

That, yeah. Those images are never referenced on eristic.net so it's not like that permission needed to be there, but it doesn't hurt anything.

> But I suspect the risk is low (and if someone tried it, you could always swap out the images for something that makes them look like horrible hotlinkers).

It'd break my own moodtheme too, though, so at that point all I could do is switch back to a public one. But yeah, I think the risk is low.

Date: Mar. 15th, 2010 06:27 pm (UTC) From: digitalsidhe.livejournal.com
But you'd know you were making the switch, and so you could update your moodtheme to use the new URLs.

Sorry, I just realized I left out a step! Example:

Suppose you have some icon at eristic.net/ljstuff/icon.png, and someone starts hotlinking to it. You could move that thing to .../new-icon.jpg, and replace it with a nasty image, and update your moodtheme to reference the new one.

A lot of work, true.

Date: Mar. 15th, 2010 06:49 pm (UTC) From: starlightforest.livejournal.com
> But you'd know you were making the switch, and so you could update your moodtheme to use the new URLs.

No, I couldn't, as I think I've said a couple times was the whole point of this exercise: to change them from ScrapBook URLs to my website URLs before I couldn't anymore. Custom mood themes are a paid feature; if you have one in place when your account expires, it sticks (supposedly -- obviously I have never tested this before, but we'll find out on Wednesday), but you can't edit it. So I wouldn't be able to change the URLs for the pictures and if I changed the pictures themselves and broke it, my only option would be to revert to a public moodtheme (or live with broken, but that's silly).
Edited Date: Mar. 15th, 2010 06:51 pm (UTC)

Date: Mar. 15th, 2010 07:08 pm (UTC) From: digitalsidhe.livejournal.com
Oops! Right, sorry about forgetting that. *headsmack*
