Uppercase JPG image files 403 Forbidden

[enchanted1]

Hello,

I've made some changes lately, switching hosts being one. Now my images with uppercase JPG are 403 Forbidden. There are too many to manually change; is there a rewrite I can add in the .htaccess file? Or is there another solution?


Thank you!
Gina

[mc12345678]

The images directory has an .htaccess file in it (hidden file) that contains a list of extensions that are acceptable. Because JPG is different than jpg, the uppercase (or any combination of upper and lower case) is effectively denied.

Would need to add JPG and other such uppercase extensions to the list(s) within that file and in similar places such as the templates directory as seen fit.

Ultimately/ideally those files should be renamed and the database reference to them should be modified (relatively easy to do with a sql statement) and future files should only be uploaded with the lower case.

On a side note, image handler 5 has recently been rewritten to *not* be able to work with uppercase extensions.

[lat9]

The images directory has an .htaccess file in it (hidden file) that contains a list of extensions that are acceptable. Because JPG is different than jpg, the uppercase (or any combination of upper and lower case) is effectively denied.

Would need to add JPG and other such uppercase extensions to the list(s) within that file and in similar places such as the templates directory as seen fit.

Ultimately/ideally those files should be renamed and the database reference to them should be modified (relatively easy to do with a sql statement) and future files should only be uploaded with the lower case.

On a side note, image handler 5 has recently been rewritten to *not* be able to work with uppercase extensions.

Not true. The change to IH-5 disallows the mixture of .jpg and .JPG files for a product.

[enchanted1]

In the image htaccess file, I added JPG to the code below but it didn't change anything:

<FilesMatch "(?i).*\.(jpe?g|gif|webp|png|swf)$" >

[enchanted1]

This is the whole image htaccess file:


#
# @copyright Copyright 2003-2013 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version GIT: $Id: Author: DrByte Fri May 17 14:29:18

2013 -0400 Modified in v1.5.2 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved

exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people

from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in

your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is

not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">


<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>

# but now allow just *certain*

necessary files:
<FilesMatch "(?i).*\.(jpe?g|gif|webp|png|swf)$" >

<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow

from all
</IfModule>
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your

hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI



##################
## Optional caching improvements
## Requires mod_headers to be enabled within Apache
##################
<IfModule mod_headers.c>
Header unset Pragma
FileETag None
Header unset ETag
<FilesMatch "(?i).*\.(jpe?g|gif|webp|png|swf)$">
Header set Cache-control "max-

age=864000, public, must-revalidate"
Header unset Last-Modified
</FilesMatch>
</IfModule>

[mc12345678]

Well that got all hosed up... Will repost so that can ensure that text breaks are in the correct location and the content is correct.

[mc12345678]

This is the whole image htaccess file:


#
# @copyright Copyright 2003-2013 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version GIT: $Id: Author: DrByte Fri May 17 14:29:18

2013 -0400 Modified in v1.5.2 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved

exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people

from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in

your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is

not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">


<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>

# but now allow just *certain*

necessary files:
<FilesMatch "(?i).*\.(jpe?g|gif|webp|png|swf)$" >

<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow

from all
</IfModule>
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your

hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI



##################
## Optional caching improvements
## Requires mod_headers to be enabled within Apache
##################
<IfModule mod_headers.c>
Header unset Pragma
FileETag None
Header unset ETag
<FilesMatch "(?i).*\.(jpe?g|gif|webp|png|swf)$">
Header set Cache-control "max-

age=864000, public, must-revalidate"
Header unset Last-Modified
</FilesMatch>
</IfModule>

So, I don't see the capitalized version of the file extension. Would suggest editing (for JPEG/JPG) as to the following in two places:

Code:

#
# @copyright Copyright 2003-2013 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version GIT: $Id: Author: DrByte  Fri May 17 14:29:18 2013 -0400 Modified in v1.5.2 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script,   be it PHP, PERL or whatever, can normally be executed if ExecCGI is   disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit'   and 'Indexes' parameters to the AllowOverride configuration in your  apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS   directive below, you'll need to add 'Options' to the AllowOverride  list,  if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
  

<IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(jpe?g|JPE?G|gif|webp|png|swf)$" >

  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from   running scripts in this folder, uncomment the following line (if your  hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI



##################
## Optional caching improvements
## Requires mod_headers to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  <FilesMatch "(?i).*\.(jpe?g|JPE?G|gif|webp|png|swf)$">
     Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
</IfModule>

The file's permissions may not support saving the change(s) made which could be why the previous/described edits made do not appear in the attached content. Typically the file's attributes/permissions would need to be at least 0644 or possibly 0666 to support writing the change(s).

[mc12345678]

Not true. The change to IH-5 disallows the mixture of .jpg and .JPG files for a product.

Sorry, that was not so clearly understood from the discussion.

[lat9]

Isn't the (?i) in the FilesMatch directive indicating that the match is to be case-insensitive?

[enchanted1]

Ah ha! I didn't change the permissions first. Thank you for your help, it is greatly appreciated!