The problem is disclosing the folder structure of your site? You can mask the true location using a script. What I mean by this is, you create a PHP script that takes some file identifier as a parameter and serves the image from its true (but undisclosed) location without disclosing the actual file name. To see what I mean, check the [1600x1200] link in the "lightbox" on this page: http://jeffersonscher.com/photos/cook/advsetb/ -- there's no way for you to determine the true location or file name.

You can make this seamless using URL rewriting, but that adds a bit of overhead. The script also could require a session ID or HTTP_REFERER to reduce hotlinking or direct scraping.

Some URL will always be disclosed to the agent (human or robotic), so I'm not sure the above gets you any closer to your goal.

Thanks jscher2000,

But as you said i could not get any closer to it. Is there anyway we can block media info altogether?

Regards.

Is there anyway we can block media info altogether?

Instead of having Firefox retrieve images by URL, which is the normal way that browsers retrieve inline and background images, you can serve data URI's, which are images encoded as very long strings. Not all browsers handle data URI's. More info:

• https://developer.mozilla.org/en-US/docs/data_URIs
• http://msdn.microsoft.com/en-us/library/cc848897%28VS.85%29.aspx

I'm not sure I understand your security concern. How could direct access to an image by its URL, or knowledge of the location of one folder, be a problem?