The first problem is that you have two directives on one line, which is not allowed. If this seems to be an artifact of posting here, then it is likely that you're using some editor that is inserting incorrect line-enders in your file. Use NotePad if you don't have anything else, but the line enders must be either Linefeed-only (LF) on Unix or carriage-return-linefeed (CR-LF) on Windoze.

Be aware that anyone accessing your site through a corporate or ISP caching proxy --such as *all* of AOL-- will be denied access unless you make provisions for them -- these caching proxies do not provide an HTTP_REFERRER. So you will either need to allow for blank referrers, or set up a 24/7 help desk to handle customer support calls from these users...

# If referrer is non-blank
RewriteCond %{HTTP_REFERER} .
# and referrer is NOT my site or www.mysite
RewriteCond %{HTTP_REFERER} !^(www\.)?example\.com
# then deny access to protected page
RewriteRule ^protected_page\.html$ - [F]

A search on this forum for "hotlinking RewriteRule" will turn up hundreds of threads with additional working example code.

Access control by referrer is unreliable, because the availability of the HTTP_REFERER request header is unreliable. If you need more 'security,' then a script-and-cookies solution will be required; Set the cookie on the approved-entry-point page, then check it using another script or with the RewriteCond %{HTTP_COOKIE} provision of mod_rewrite. But with this approach, users whose clients do not accept cookies will be blocked. You might also consider password-protecting the page using Apache's basic authentication mechanism -- See the Apache authentication and authorization tutorial for more info.

Jim

thanks!

my latest attempt was this. It effectively blocked the page...from everything.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName AllowLocalAccess
AuthType Basic

order deny,allow
deny from all
allow from .mydomain.com

I'm going to go back and re-work my origional attempt. (I get confused so easily and just as quickly fustrated)
Thank you for the heads up the line carriage return.
But I was always under the assumption that the .htaccess file had to be put on one line.

> But I was always under the assumption that the .htaccess file had to be put on one line.

How many examples of that can you find [google.com]?... :)

More likely, you were viewing a Unix-format example using a Windows-format viewer, so the code appeared to be on one line...

Jim

I got it to work and ended up using javascript and cookie solution.

now this line rule for .htaccess files.
Can you point me in the right direction so I can better understand this? And remember, I'm determined but I'm fundementally stupid. So the smaller the words are in the explanation, the better for me. :)

> now this line rule for .htaccess files. Can you point me in the right direction so I can better understand this?

I'm sorry, what is the question here? I'm not sure what you mean by "line rule."

> And remember, I'm determined but I'm fundamentally stupid.

I doubt that latter assertion... But I would posit that perhaps you attach less importance to research than successful server configuration demands. If you want to save time and trouble over the long term, take a look at some of the example code posted here on subjects that apply to your site. Then go through that code line-by-line, and look up each directive that is being used. You might even want to print out the Apache documents that apply to each directive that you think you may need (now or later). Stick all of these printouts into a three-ring binder, and put them in a place where you spend time sitting down but otherwise cannot do revenue-affecting business -- Hint: Many such places have tile on the walls and ceramic seating infrastructure... When present in that location, open the binder and read.

While the above may seem flippant, it is in fact the method that your correspondent used to some success to learn Apache. At first, most of it does not make sense, and finding supporting information is difficult. After awhile, though, most of it begins to makes sense, and you know which module to turn to find the info you need.

The following are both true:

Apache is very difficult to understand.

Apache is very easy to understand.
The critical determining factor is research and experience.

Back to the details of this thread: You will be better off to use server-side scripting such as PERL, PHP, or mod_rewrite to set and/or check the cookie. Otherwise, using client-side scripting, you expose the details of the cookie implementation to the client or to the the hotlinker, who may simply copy your JavaScript onto their own page, and therefore bypass your access control measures.

Jim

the grand problem I have is that most of the technical papers is writen in english. I can read and write english but it isn't fast and it is really difficult doing tranductions on technical words.

Tranduction programs just don't do well. French webmaster forums are not many or are adult and they most just give me the same english resource.

So as I have said, I am determined but fundamentally stupid.

Cette livre, peut-etre? [amazon.fr...]

Chaque chapitre traite d'un thème bien circonscrit dont voici une liste non exhaustive : - Téléchargement et compilation d'Apache, - Configuration et gestion de l'activité, - Programmation CGI, - Authentification et sécurité, - Indexation, redirection, mandataires (proxies), SSI, - Historiques et traces d'activité, - Exploitation de l'API et développement de modules. Le CD-ROM inclus contient les sources d'Apache 1.3.12 accompagnés de plusieurs contributions, ainsi que de nombreux binaires...

Aussi: [amazon.fr...]

:)

Jim

Tabarnac! êtes-vous français?
Alors, merci beaucoup! Votre aide est très gentil.
D'accord, j'ai acheté hier soir.

Non, je suis un Texan... Mais j'attend l'école Français "Jardin de Les Enfants" a Saigon, 1959.
J'oublie la plus-part des la langue, malheureusement. :(

Jim

Note to readers: WebmasterWorld has a policy of "English-only" in the forums, as otherwise it would be impossible to moderate the forums as required by our Terms of Service unless we had a moderator from every language group on earth. I hope this bit of fun is tolerated, though. I have recommended two books on Apache server which are available in French, as found at the Amazon.fr site and Michel has ordered them. Asked if I am French, I have replied that I'm a Texan, that I went to a French school in my youth, but have forgotten most of my French. (My grammar is probably off a bit, and spelling and written accent usage are most likely attrocious.)

[edited by: jdMorgan at 2:49 pm (utc) on April 24, 2007]

That you are a Texian does not surprise me.
In France they say that New Yorkers are english Parisiens.
And Texians are like the french of the rest of the country.

To date every american that I have met that speaks the french has been from Texas and they speak it very well. (Most do it with a french accent)

You did extremly well with your french. It was not difficult to understand. I am certain that if you came to france you would be able to fit in and speak properly within a some weeks.

And in french you are un Texi-EN or une Texi-enne.