How to protect your images
- Last Updated on Friday, 20 September 2013 20:30
So, why this article?
While it is impossible to protect images that are publicly presented on a site there are many people who restrict the displaying of images to certain users or user groups by using Joomla!'s access levels. These parts of the site and the gallery will only be available for those users then, however if an unauthorised user knows or guesses the actual image paths and names (those ending with e.g. .jpg) he will be able to see the image anyway (that's because access checks can only be done within the PHP script and not for delivery of media files).
In JoomGallery, it is very easy to solve this problem:
- Create a file called '.htaccess' (note the single full stop at the beginning).
- In this file insert the single line of words 'deny from all'.
- Dublicate this file and upload it into the detail image directory and the original image directory (exactly those directories that you can see in tab 'General Settings' -> 'Paths and directories' of the configuration manager for the detail and original images).
- Ensure that the option 'Use real paths' in the same tab is set to 'No' (this is already the default).
This way, the .htaccess files with 'deny from all' prevent the access to all detail and original images for each and every user and visitor. So your images are absolutely protected, but users with allowed access rights will still be able to see the images because JoomGallery outputs them through the PHP script (thus, access checks are possible).
Please note that this procedure is not possible for protecting thumbnails. If you want to also protect your thumbnails you have to move the thumbnails directory out of the domain area. For that, please read the notes given at the top of the 'Paths and directories' tab, but we don't recommend to protect your thumbnails because it would slow done your gallery a bit. However, you can use this method also for detail and original images if you don't want to (or cannot) use the '.htaccess' file. .htaccess files cannot be used on IIS servers, for example.