Protecting files with htaccess

Brad_Lucas

Hi there.

Can someone have a look at the following code and tell me why it works sometimes and not all the time?

SetEnvIfNoCase Referer "(mydoman.net/photos|www .mydoman.net/photos)" local_ref=1
<FilesMatch ".(gif|jpg)">
Order allow,deny
allow from env=local_ref
</FilesMatch>

ErrorDocument 403 http ://mydomain.net/errors/403.htm

I want it so that if people try and access the images in this directory by any other means other than through my photo album page it'll tell them they can't do it.

If I type the URL of an image directly into the browser (http://mydomain.net/photos/gallery1/file.jpg) it displays the image. BUT if I hit the refresh button...it shows the 403 message.

Is there a way for me to make it so that it doesn't display the image at all (except through the appropriate pages)?

A bit of background to better explain what I'm trying to do:

I have a photo album on my site. It has the capability to have "registered users" who can log in and see photos that your average punter can't see.

But my worry is, if the registered users find the image path by looking in the page source they can then email that link to someone who can then look at the image without logging in (or registering for that matter). Which kind of defeats the purpose of the registration really.

Any suggestions?

Brad

jerdo

The referrer option doesn't seem to work consistently in htaccess, you could simply put the image directory inside the registered users directory and use htaccess and htpasswd to protect them.