I have a module which enable user to upload photos to a certain path like
domain/media/img/uploadedFiles/
I would like to user can upload photo to this location but he cannot reach the uploaded photo by writing
domain.com/media/img/uploadedFiles/filename
I have achieved not to list the files in that path by using .htaccess file but If user knows the name of the uploaded file he can still reach that file.
Thanks
Assuming you're using Apache, you can block access to files in .htaccess too. For example:
<Files private.html>
Order allow,deny
Deny from all
</Files>
To prevent users from accessing any files in the directory, try putting an .htaccess file containing this inside the directory, which sets the default state to deny:
Order Allow,Deny
For more examples of specifying what resources you want to protect, see http://httpd.apache.org/docs/2.2/sections.html
See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more information on access control with Apache.