Restrict Access To Folders from non authenticated users

[cksraj]

I've a folder which holds image (.gif/.jpg) files. the folder has been given --rwe-- permission to get the URL access. However, this allows unauthorized persons to access the images directly from the URL, the following proposed solution does not work:

 

1. putting the image folder outside my root directory - i don't have access to the root directory

 

2. having <directory> read and write </directory> permission, but does not work - it blocks php script to execute.

 

Can anyone suggest me the solution for my problem?

 

Problems:

1. I should have images access only to the PHP scripts and authenticated users.

2. Restrict the direct access to the images (by non authenticated users)

 

Thanks

Crew Kasy Raj

[Buddski]

Have you thought of putting an index file in the folder with 404 error details?

<?php
header("HTTP/1.0 404 Not Found");
?>

[cksraj]

Thanks for your reply.

 

I tried that it is working fine. But if I want to restrict the access when non authenticated users tries with absoulte/complete path, that is including image name

 

http://servername/website/main/editor/images/main.gif

 

How can I do this?

 

Thanks

CrewKasyRaj

[Buddski]

You might have to password protect the directory or alternatively you can write a crazy little thing with .htaccess which will grab the path.. and pass it into a PHP script which will check if the user is authenticated (im assuming you are talking about PHP sessions etc) and if they are autenticated give them the image otherwise give a 404..