Reputation: 142
I have a website with multiple embedded images...
On the server side I store many versions of the same image (for sizing, etc.)
e.g. image.jpg, image-thumb.jpg, image-original.jpg
However I also keep a copy of the original, unedited image which contains sensitive information that I would like to keep away from public access. As it stands, if someone edits my source from "image.jpg" to "image-original.jpg" they can see the original, which is a security risk.
I keep these original images so that they can be used in my custom backend CMS portal to edit the images as needed.
Is there a way to prevent access to the original? Perhaps by blocking loading of the original images folder unless the request is coming from certain locations on my website?
Upvotes: 1
Views: 1068
Reputation: 142
Okay, figured it out.
I added a deny all .htaccess file for the subdirectory that my images are stored in.
Then I served all images through a php script like this:
// keep only the file name so the request cannot point outside img/
$filename = 'img/' . basename($_GET['img']);
// open file in binary mode
$imagefile = fopen($filename, 'rb');
// send the right headers
header("Content-Type: image/jpeg");
header("Content-Length: " . filesize($filename));
// dump the picture and stop the script
fpassthru($imagefile);
exit;
Then it was easy to implement any logic I wanted, in order to prevent certain files from being opened. In this case I just did:
// strpos() returns 0 for a match at the start, so compare with !== false
if (strpos($_GET['img'], 'original') !== false) {
    die();
}
We can also include any logic needed to make sure that an admin user is logged in, etc...
Upvotes: 1
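A fuller version of the serving script described in the answer above, written as an added example and not the answerer's own code. It shows the filename allowlist, the directory containment check and the admin gate for originals in one place. The `img` directory location, the `is_admin` session key and the accepted filename pattern are assumptions.

```php
<?php
// Added example. IMAGE_DIR and the 'is_admin' session key are assumptions.
declare(strict_types=1);

const IMAGE_DIR = __DIR__ . '/img';   // the directory protected by the deny-all .htaccess

function resolve_image(string $requested, bool $isAdmin): ?string
{
    // Allowlist the name shape: no slashes, no "..", known extensions only.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif)\z/i', $requested)) {
        return null;
    }
    // Originals go only to a logged-in admin (case-insensitive match).
    if (!$isAdmin && stripos($requested, 'original') !== false) {
        return null;
    }
    // Resolve symlinks and confirm the file still sits inside IMAGE_DIR.
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $requested);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
$isAdmin = !empty($_SESSION['is_admin']);   // assumed to be set by the CMS login
$req  = $_GET['img'] ?? '';
$path = resolve_image(is_string($req) ? $req : '', $isAdmin);

// Take the type from the file contents, not from the requested name.
$mime = $path === null ? null : (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    // Same response for "missing" and "forbidden" so names cannot be probed.
    http_response_code(404);
    exit;
}

header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
if ($isAdmin) {
    // Keep admin-only originals out of shared caches.
    header('Cache-Control: private, no-store');
}
readfile($path);
```

The deny-all .htaccess still matters here: it is what stops a direct request for `img/image-original.jpg` from bypassing the script.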