How can activate under attack on image only

How can activate under attake on image only
all my image inside folders like this

https://example.com/wp-content/uploads/WP-manga/data/examplefolder/examplefolder/2.webp
https://example.com/wp-content/uploads/WP-manga/data/examplefolder2/examplefolder2/7.png
https://example.com/wp-content/uploads/WP-manga/data/examplefolder3/examplefolder3/4.jpg

I want to activate Under Attack Protection because it’s the only way to prevent people from stealing my content

Since you’re referencing the example URLs which point to the image resource.

I wonder, if you might need a “Hotlink Protection” feature which is available and can be enabled if you navigate to the Cloudflare dashboard → Scrape Shield → Hotlink Protection.

More about this feature can be read at the link below:

Otherwise, you could try to inspect your access log files and figoure out the IPs and user-agent. Based on the IP, you could figure out the AS number and block them (with an caution!) or block IPs via IP Access Rules.
However, not the best option, and if it’s some kind of a scraper/crawler, you could block them in future by using Firewall Rules depending on the part of the “user-agent” string at least.
I believe there are some other ideas which could be shared too, if so.

They download the image manually by downloading apps

As I am not aware what kind of type the images are you having on your website, however is there a way you could add some kind of a watermark over them?

I know there were some solutions with Cloudflare Workers / Cloudflare Images, or with some Cloudflare App :thinking:

I allready have add watermark on every image but did not stopp them
I have add Page Rules with Select Security Level(under attake) on image only but that makes the image not showing in the website

You can set up a Firewall Rule to JS Challenge any path the CONTAINS “manga/data” AND (CONTAINS webp OR CONTAINS png OR CONTAINS jpg)

(http.request.uri.path contains "manga/data") and (http.request.uri contains ".png" or http.request.uri contains ".webp" or http.request.uri contains ".jpg")

And then test to see if it works, and does not interfere with regular operation of the site because of this:

You can try checking the referrer, but lots of scrapers send that header anyway, and your own site might not.

(http.request.uri.path contains "manga/data") and (not http.referer contains "example.com") and (http.request.uri contains ".png" or http.request.uri contains ".webp" or http.request.uri contains ".jpg")

Keep in mind that any image that is publicly viewable can will not be theft-proof. It won’t take much to get past that first challenge, then grab everything after that.

what is JS Challenge?

It’s what Under Attack mode uses.

I have made the Firewall rule :

(http.request.uri.path contains “manga/data” and not http.referer contains “mywebsite.com” and http.request.uri contains “.png”) or (http.request.uri contains “.webp”) or (http.request.uri contains “.jpg”)

and same give me blank image