Currently, we use folders inside webroot to store images and videos that we upload in the form (using the usual html image helper) that require login.
How can I prevent outside visitors from simply making URLs site.com/img/photos/1.jpgand accessing images? From what I understand, I cannot use media representations to render the image in the correct representation, and I cannot figure out if there is a solution using htaccess processing.
What is the best practice for this? Perhaps it is better to choose a folder with non-webroot (although this will complicate the work with the file part)?
As suggested by poncha, I tried to edit the main .htaccess file in this
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !localhost
RewriteCond %{REQUEST_URI} ^app/webroot/img/
RewriteRule .* / [L,F]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
, -, , , , img.
2:
htaccess webroot:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
RewriteCond %{REQUEST_URI} !^/app/webroot/
RewriteRule (.*) app/webroot/$1 [L,R]
RewriteCond %{HTTP_REFERER} !127.0.0.1
RewriteCond %{REQUEST_URI} ^/app/webroot/img/
RewriteRule .* - [L,F]
</IfModule>