i am using iis + php + vbb + vbgallery
The uploaded image can be accessed directly via the image url, e.g. http://xxxx/gallery/files/x/xxx.jpg
without checking permission.
It seems that the files is served directly by IIS.
Is there any way we can block anonymous to access the images? and force user login when accessing the image?