Reputation: 10683
I allow my website users to upload images and I then serve up the images using a PHP script. However, this is noticeably slower than a static link.
The reason I use PHP to serve the images is because I am trying to prevent people from being able to access the folder which stores the images.
Should I make use of an .htaccess file? I'm also thinking about an ALIAS in the httpd but not sure how to make use of this or whether it's suitable at all - could I reference a folder outside the root using this?
Any help would be much appreciated.
Thanks
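// filetype() returns "file" or "dir", not a MIME type; mime_content_type() (fileinfo extension) detects it from the contents
header("Content-Type: " . mime_content_type($file));
header("Content-Disposition: inline; filename=\"{$image}\"");
header("Content-Length: " . filesize($file));
// stream the file to the client
@readfile($file);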
Upvotes: 1
Views: 1921
Reputation: 31631
Use Options -Indexes inside a <Directory> tag to disable indexes. However, you should go a step farther than this.
For security and general filesystem hygiene, you should keep your assets (images, etc.) in directories separate from your code.
Then you can add this to your Apache config:
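<Directory /directory/where/assets/are>
    # Anyone may download files from this directory
    Order Allow,Deny
    Allow from all
    # No optional features: no directory listings, CGI or includes
    Options None
    # .htaccess files in this directory are ignored
    AllowOverride None
    <IfModule mod_php5.c>
        # Stop .php files here from being handled as scripts
        RemoveHandler .php
        RemoveType .php
        php_flag engine off
    </IfModule>
</Directory>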
This will disable any execution of files as scripts in your asset directory as well as disable file listing, but allow anyone to download these files. It is important to secure directories with user-uploaded files in this way because they may upload malicious PHP scripts which you can then host.
Upvotes: 4
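An upload handler that complements the directory settings in the answer above, as an added example that is not part of the original thread. The names ASSET_DIR, ALLOWED_TYPES, stored_name_for() and store_upload() and the form field "image" are assumptions; the path is the answer's own placeholder.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
const ASSET_DIR = '/directory/where/assets/are'; // placeholder path from the config above

// Accepted image types: detected MIME type => extension assigned by the server.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Map a detected MIME type to the name the file is stored under, or null if
 * the type is not accepted. The client-supplied file name is never used, so
 * names such as "shell.php" or "photo.php.jpg" cannot reach the asset directory.
 */
function stored_name_for(string $mime): ?string
{
    if (!isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

/** Validate one entry of $_FILES and move it into ASSET_DIR. Returns the stored name. */
function store_upload(array $upload): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the file contents, not from $upload['type'] (client-controlled).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    $name = is_string($mime) ? stored_name_for($mime) : null;
    if ($name === null) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted');
    }
    if (!move_uploaded_file($upload['tmp_name'], ASSET_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

// Usage in the upload endpoint, assuming a form field named "image":
// $name = store_upload($_FILES['image']);
```

Content sniffing only inspects the start of the file, so a file that passes as an image can still carry script text further in. The Directory block above is what keeps such a file from ever being executed.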
Reputation: 324650
Use a .htaccess file with the single line:
IndexIgnore *
Then, the user can access the folder but can't see anything in it.
Alternatively, add a file called index.html but leave it blank (or include a "You may not view this page" message).
Upvotes: 3