Translations:Manual:Image authorization/26/en

Image authorisation works by "intercepting" the URL and checking to see if the remainder (PATH_INFO) is in an area where the user has access based on the standard User ID and any Namespace, etc. protections you've assigned.