Sometimes you want the user to access something (a web page or a downloadable file) only by clicking a link on your own website instead of being able to directly access it by typing in the URL address in the browser address bar. This is achievable by a few lines in .htaccess.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !(www.)?example.com/download-page.php
RewriteRule .* - [F]
Write down the above lines in the .htaccess of the directory that you want users to access only by clicking links on http://www.example.com/download-page.php or http://example.com/download-page.php. Direct access to download stuff from the directory or from any other HTTP referrer will fail.
While this may not be bullet proof as referral information can be faked from the client side, it is a simple solution that should suffice in most cases. For example, this can be used to prevent hot linking from other websites that link directly to something on your website, reducing traffic stealing.
very usefull! thank you so much!
how to allow .. a referral but deny JPG and other image content?