By zeebo on

I'm fairly new to Drupal, and have been searching for an answer to this question for a while. I'm quite confused so any help is much appreciated.

I'm using the Content Access module to control access to pages by role. This is working fine except for one issue. If I include an image with an html img tag, the image then becomes accessible by direct URL even if you are not logged into the system. E.g. if I include an img tag with "src=myfiles/file.jpg", then anyone can just go to mysite/myfiles/file.jpg and see the image.

So my question is, is there any way to block direct URL access to an image file while still being able to include it in a page with an img tag?

Thanks!

Categories: Drupal 6.x

Comments

odegard’s picture

odegard commented

This is probably a webserver issue. What webserver are you running?

In apache, you could do like this to stop direct access to images as described on this page:

http://www.selfseo.com/story-18469.php

It's the first site that came up when I searched for "block direct image access" in google. You should try it, it's great!

zeebo’s picture

zeebo commented

Thanks for pointing me in that direction. After days searching on Drupal forums and Google too I was totally confused by it all. I'd tried .htaccess "allow,deny" lines which didn't work, and got lost trying to figure out Drupal's "private file" system, etc. Anyhow your info provided on "hotlinking", which I didn't even know is what I was trying to prevent (which is probably why I couldn't find it through Google), led me to this site which helps you build your own .htaccess file for the directory you want to block images in:

http://www.htaccesstools.com/hotlink-protection/

These are the .htaccess lines that works for me:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

It blocks any access to that dir with a full absolute url e.g http://mysite.com/mydir/myfile.jpg but allows me to place an img tag with a relative url e.g. "src=mydir/myfile.jpg" on my page.

Hope this is helpful to others and much thanks to you odegard.

cm1se7en’s picture

cm1se7en commented

i try like that, localhost is ok but online host is doen't work. :{

kushallinux1’s picture

kushallinux1 commented

I have 2 different domain
e.q www.abc.com/login.php
this page contains link for send domain

my 2nd domain is :
www.xyz.com/index.php

now i want that "www.xyz.com/index.php" is not open directly

2nd URL will be open only from 1st URL

thnkx in advance