How to protect against direct access to images?

Question

I would like to create a web site with many images. But I would like to protect against direct access to images, e.g. direct links to images without visiting the web site.

Answer 1

You can dynamically protect a folder using htaccess and the users ip.

Add a .htaccess file to your images folder with the following lines:

order deny,allow
deny from all

Then use PHP to insert the users ip into the htaccess file when they log in like this:

The folder will be blocked from any ip that is not logged in.

Notice that I checked to see if the ip is valid. It is important that you give the user no way to inject their own code into your htaccess file.

Also notice that I put the users id in a comment to the right of the ip in the htaccess file. When the user logs out you can search the htaccess file and remove the ip of the user.

You can update this on every request to prevent users who are using dynamic ips from getting kicked off.

I use this method with my entire members areas, it is an excellent added layer of security. Just make sure that you put your log in scripts outside of the members folder.