lucy24 - 10:32 pm on Nov 14, 2012 (gmt 0)
But only at the expense of speed loss everywhere. Especially if you're using an exclusion method that looks at all requests all the time. Since each request is an island, your htaccess doesn't know that those eighteen consecutive image requests come from a page that the visitor has already got permission to visit, so there's rarely any point to checking permissions* all over again. (I'm talking here about generic allows and denies, not the separate issue of hotlinks.)
Hm. Would it save any time overall if the WHOLE list of Deny from... directives were placed inside a Files envelope that constrained it all to .html requests? Or would the envelope itself add even more time to request processing? No, I have no idea why this question never occurred to me before.
* "Permission" in the casual sense, not the 401 sense.