Hi

I am working on one project with Umbraco 7.1.6.

On the website, any user can be able to upload wallpaper / image and manipulate it without Log In to the website. The User, upload images / wallpaper stored on one folder on my web project root directory say (UserUploadImages).

Now the problem is that during testing we have found that if user enters the path of the file directly in the browser then it's open in browser like (www.mydomainname.com/UserUploadImages/File1.jpg) and the file open in browser.

On IIS, i have disabled "Directory Browsing" on UserUploadImages directory. So it has stopped directory browsing on browser. But suppose i enter file name with full url then it's opening in browser (www.mydomainname.com/UserUploadImages/File1.jpg). 

On IIS, i have also tried with "Request Filter" and added UserUploadImages on "Hidden Segments". It has stopped Directory / File browsing on browser. But the problem is that then user uploaded images is not appearing on any of my webpages for manipulation like (crop image , order page, and so on)

I want to stop this. User should not be able to browse directory and their content from Browser. Can we show message or alert box if user is trying to write open file directly from browser ?

Can anyone please guide me here ? As i am newbbie.

Thanks,

Rohan Dave