I'm looking for a way to block access to the webroot / upload directory.
I tried with an htaccess but the problem is that on the backoffice side I can no longer recover the images and documents
<Location "upload">
Order Allow,Deny
Deny from All
</Location>
Do you know a solution to have access to BO side but not by typing the complete url of the directory?
Thanks for your help.
You should move your upload directory out from webroot as you cannot display files that are outside the webroot via a direct URL.
Here is more info about this:
CakePHP - Saving and serving files outside of webroot