(keeping this 2nd attempt short & sweet with no links, so i don't get marked as a spammer this time )

I have albums with passwords turned on. The problem is, people can still get to the pictures without the password, if they have the direct link like http://my.site.com/.../albums/.../xyz.jpg
So, I used the "Site Protection" page of the user guide and set up a .htaccess, looks like this....
.. but it doesn't work (people can still directly access the .jpg). Am I expecting the wrong thing or did I make a mistake?
thx

RewriteEngine On

It is actually recommended to allow blank referers as some personal firewalls or anti virus tools clear the referrer.

Uncomment the following line if you want to allow them.

RewriteCond %{HTTP_REFERER} !^$

Enter your domain here. Add more lines like this to allow more domains

If you are using Zenphoto in a subdomain write subdomain.yourdomain.com instead (www.)?yourdomain.com

RewriteCond %{HTTP_REFERER} !^http(s)?://tim.picturebrothers.ch [NC]

Protect your full images in the albums folder

RewriteRule .(jpg|jpeg|png|gif|flv|fla|mp4|m4v|m4a|mov|3gp)$ - [NC,F,L]

You did put that into the /albums folder? Last time this was tried (it is just taken from a htaccess site) it did work for me.

Since you mention just to be sure the passwords are only for Zenphoto controlled pages. Direct access is outside.

Have a link to one image to try maybe? Feel free to send via mail if you don't want to post it.