I need to restrict access to a bunch of images. I still need to access them with a browser but I dont want anyone typing the URI directly into the browser. I had a look at a bunch of options and decided to restrict using HTTP_REFERER as the images will only be called from one URI.

My intention is to redirect anyone to the 404 page if they were not sent by [www\.mysite\.com...] (this url could have a variable on the end)

this is my code:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^https://www\.mysite\.com/login/main.php [NC]
RewriteRule [mysite.com...] [R=404,L]

Does anyone know what my mistake is?
Are there any vulnerabilities using this method?

Thanks

Ray...