I want to protect members' resources while leveraging Apache's ability to serve static files(images, videos, audios).

For example,
on a dating web site, each member has a profile which has a couple of images. the images are stored in the disk. it's really fast to serve the images through img links via a web server. but I don't want people to be able to crawl images or see other members' images by guessing the image locations.

I know I can use a script to get files where I can make sure the user already logs in:

img src="hostname/getFile.php?id=blah"

but that doesn't seem to make use of Apache's ability to serve static files.

how can I leverage on apache while protecting resources?

I develope the application using Rails.