Ok, just to clarify what I have:
The default directory we use for images, media, and flash is set for /games and not /uploads. Our games directory holds over 2,000 subdirectories where images and movies are stored.
For example, this is one of our directories: /games/2677/10.jpg. And we have thumbnails for those at: /games/2677/thumbs/10.jpg
Now I checked both the virtual directory permissions, and the hard directory permissions. I have probably OVER opened the directories just to get past this issue and have read and write virtual permissions checked in IIS.
Can I remove this code from the browse_img.asp or browse_media.asp files?
"If InStr(Lcase(ImageGalleryPath),Lcase(trim(Session("ImageGalleryPath")))) <= 0 or Session("ImageGalleryPath") ="" then
Response.Write "The area you are attempting to access is forbidden"
Response.End
End If"