php - .htaccess file stop access of pic with direct URL


I have a website in php and CodeIgniter where user upload their profile pic and profile pic is stored in folder with name pic_uid.jpg .

And then my script load pic from same folder.

I want to stop direct access of pic using.htaccess file.

like if pic path is


If some one type this direct path, he will not get access to pic but when my script call this pic he can get access and show the pic.

I have tried many options but when i stop access to directory, my script also can't load pic.

How to achieve this ?





You can do something like this. Have a directory say,secured. And inside that directory, place this.htaccess:

Deny From All

And now, store all your image files there:

+ secured/
  - image-1.png
  - image-2.png
  - image-3.png

And in your PHP Script, use this proxy:

  /* true if the conditions met, like coming from the script or something */
  $right_user = true or false;
  if ($right_user) {
    header("Content-type: image/png");
    echo file_get_contents("secured/" . $_GET["file"]);
  } else {
    header("Content-type: text/plain");
    die("Ha ha! Can't steal!");

To reiterate what all I have done, I created a repo here at Cloud9. In that, I have got these files:

└── php
    ├── index.php
    ├── insecure.php
    └── secured
        ├── .htaccess
        └── hello.txt

And the each file has like this:


    header("Content-type: text/plain");
    if (file_exists("secured/" . $_GET["file"]))
        echo file_get_contents("secured/" . $_GET["file"]);
        echo "404! File Not Found.";


Deny From All


Hello, World.
I am not accessible through normal requests.
My location is in /php/secured/hello.txt.


Note: I am on a free account, so the server runs only for some time. Please make use of it.




For stop access of pic with direct URL
Use URI of codeiginiter copy this code in your routes.php

$route['uploads/users/(:any)'] = "page_not_found";

This code blocked all url accessing a folder uploads/users

People are also looking for solutions to the problem: php - e-mails send to microsoft addresses end up in spam, others are fine


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.