By monti on
a message from a hosting company (Feb-2nd-2010) after images disappeared:
Symlinks are no longer safe on the internet. We had to disable them for our whole company.
To get your pictures to work again you need to edit /sites/default/files/.htaccess.
Change the line that says:
Options +FollowSymLinks
to be:
Options SymLinksIfOwnerMatch
Comments
BlueHost/Hostmonster
This is going on with BlueHost/Hostmonster. Thanks for the fix & more info on this thread
http://drupal.org/node/701994
This was also basically what I ran into they did with the auto script altering the root .htaccess but the one that is automatically generated in /sites/all/files/.htaccess has a "bad" directive now. - this directive borks the default file upload:
Notes by jshimota01:
And this should work to get changes to stick:
Differences for Drupal 5 and 6
Any unchanged .htaccess documents in the "files" folder have been the culprit on my Drupal sites.
When Hostmonster made this change to a dozen of my websites (without the courtesy of a notice to customers before or after it occured), they seemed to have tracked down only the .htaccess documents in the root directories of sites, as well as those the root directories of subdomains. They missed any other .htaccess documents, which left them in direct conflict.
In 5, the files directory is typically in the root, whereas in 6, it is typically located at sites/default/files. It's possible that more .htaccess documents are stashed in various locations on various Drupal installations.
One other note if you're trying to locate .htaccess documents: depending on your FTP software, these files may be considered "hidden," and may need to be "unhidden" via options or preferences settings. I believe programs such as FireFTP and SmartFTP come out of the box with hidden files not showing, IIRC.
This fix fails for me
After installing a new Drupal-6.x site on Bluehost, the main .htaccess file was changed as described above:
When I changed Garland's default color scheme, as expected all styling went away. I changed sites/default/files/.htaccess as instructed:
However, the site is still nuked. Any ideas what I'm doing wrong?
Fixing directory permissions solved the problem
I chatted with a Bluehost support person, who graciously tracked down the problem: Permissions on directories sites/default and sites/default/files were 555. After setting them to 755, .css access was restored.
To those frustrated with Bluehost's and other hosts' changes: Yes, they should have notified clients of the changes, but the security threat posed by symbolic links is real. To quote from "Cooking Apache":
I had the same problem
I had the same problem with all my Drupal websites hosted on HostMonster.
When Optimize CSS was enable, the styles were not showing, and ImageCache was not working neither.
At least you had a message, I spent several hours trying to find out what was happening.
I had the some problem with
I had the some problem with Drupal sites on Hostmonster. A message notifying users of such changes would have been a sensible thing to do. So far I have had no trouble with hostmonster, at least I did not notice, but it's pretty annoying that they did not bother to inform their customers.
Still having a problem
Thanks everyone for the posts on this subject. I was up all night before I called Hostmonster and found that they were "having a problem" with Drupal sites. I have a multi-site set up and made the recommended changes to the .htaccess files (they made them for me in the root), then I changed the default .htaccess and the .htaccess in all the subfolders. One just doesn't seem to be rectifying... http://www.phillystagereview.com . I have no idea why. Can anyone help? This is one of my first production sites and we're actively promoting it. Thanks for any ideas!
Problem resolved
Subject closed. I had a files folder with an .htaccess file in the root that I missed. Thanks again.
Hi! Thank you for this
Hi! Thank you for this post.
I not only got missing images and CSS, but also Internal Server Error 500.
By changing the drupal root's .htaccess file's options to:
#Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
and the .htaccess in / sites/default/files
I was able to get the 'error' to go away, and get the images and css back!
Stew West
Same for Drupal 9
in the .htaccess in /sites/default/files
# Options -Indexes -ExecCGI -Includes -MultiViews
Options +SymLinksIfOwnerMatch