conf/_advanced.php

/**
 * Do you want to allow public access to the media dir?
 *
 * WARNING: If you set this to false, evocore will use /htsrv/getfile.php as a stub
 * to access files and getfile.php will check the User permisssion to view files.
 * HOWEVER this will not prevent users from hitting directly into the media folder
 * with their web browser. You still need to restrict access to the media folder
 * from your webserver.
 *
 * @global boolean
 */
$public_access_to_media = true;

¥

cool, thanks. Is this documented somewhere (I looked but did not find it)?

I've no idea what is and isn't documented, but I'd guess it's not documented.

If you disable public access then you *should* be able to add an htaccess to /media/ to forbid everyone from accessing it via the web.

¥