Translations:Manual:Image authorization/47/en

That should do the job for web servers with PHP running as an Apache module. No further Apache config file changes are neccessary. You then will never see the path to your images, img_auth.php intercepts all read accesses. But all of your images are served, including thumbs.