How to prevent direct access folder and file through URL

How to prevent direct access folder and file through URL. My application permission is 755 but if we access through URL (https://domain/public/site/images/folder/abs.jpg) then it will directly accessible. I want prevent this type of accessing.

If we use .htaccess and bellow mentioned code then home page unable to display journal image.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteRule .
.(wav|swf|jpg|jpeg|gif|png|bmp|js|css)$ - [F,NC,L]

One user try bellow mentioned image.

I think file and image name must be renamed during upload.

This post talks about this topic, maybe it can help you.

1 Like

Only this was helpful but if we use this link Need help for hacking problem in OJS - #4 by asmecher then feature is disabled.
I think this is not a permanent solution.

I think there are two solutions that you can implement and that they recommend in his post:

; The maximum allowed size in kilobytes of each user's public files
; directory. This is where user's can upload images through the
; tinymce editor to their bio. Editors can upload images for
; some of the settings.
; Set this to 0 to disallow such uploads.
public_user_dir_size = 5000

And the Control Public Files plugin (It’s available in the Plugin Gallery)

Hi all! We are soliciting feedback and proposals for hacking claims via image uploads on this Github discussion. Feedback would be welcome.

Alec Smecher
Public Knowledge Project Team

1 Like