I have set up a wiki where the LocalSettings is set to not allow unauthenticated users access except to the Login and Help page via a $wgWhiteListRead setting for those two pages. This works just fine.
However, I can go directly to the images directory via the browser and access all content stored there. For example, if my wiki is stored in the directory /var/www/html/wiki on a machine names wikis.example.com and I have saved images, I can access those images by pointing my browser to http://wikis.example.com/wiki/images.
I am presented with the directory tree and can access all files saved under the images directory. I cannot find anything in the archives describing this and how to restrict access. I plan to try .htaccess but I was wondering if there is a better approach and whether other directories are as unprotected as the images directory from being read by non-logged in users. Maybe a httpd.conf directive?
Any help appreciated.
-Jim