this might do it:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteRule \.mp3$ - [F]

[edited by: jdMorgan at 8:35 pm (utc) on June 15, 2007]
[edit reason] Corrected the spacing issue cited below. [/edit]

i tried it but it's not working, when i try to download an .mp3 files it gives me a 500 error and i can't stream the mp3 file from the other site.

is this code suppose to make the .mp3 files only available through referral of the stated site cos that what i really want

in the 4th line there is supposed to be a space between the '{' and the '!'.
either a typo or the space was lost in formatting when i posted the response.

this config is supposed to check that there is a referrer and that the referrer is not either example.com or www.example.com.
if both conditions are met, it should send a 403 code (Forbidden)

check your logs to see what the referrer string is and for hints on what caused the internal server error.

this is the error i got

RewriteCond: bad argument line '%{HTTP_REFERER}!^http://(www\\.)?example\\.com[NC]'\n

but i will try it again now

and one more thing, what if the example.com is example.com.uk where will add the .uk?

still not working.............i need help. phranque, thanks for the help so far, but i would appreciate it if you could make this stuff work.

It will be up to you to get it to work... It is, after all, your site... :)

Phranque's code is correct, and the .co.uk is the only important change here:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.co\.uk [NC]
RewriteRule \.mp3$ - [F]

Note every character and space -- The code will not work if even one is wrong, and that is the nature of this stuff: Very compact, very powerful, and utterly unforgiving of errors.

Occasionally, we run into character-set problems here as well; If you are seeing any 'weird' characters in the code, let us know. They should all be characters in the U.S.-ASCII character set, as that is what was used to build Apache.

Jim

thanks Jim, i'll try to get it to work.....

i can't get it to work, if there's any other suggestions , tips or something please someone should tell me. Thanks

will the above work on all referrals from any directory in http://example.com?..............in other words will access be granted to any referral from http://example.com..

will the code if u want a specific file or directory to have access to the .mp3 files thru referral?

The code is not written to "grant" access. It is written to deny access if the HTTP Referrer is NOT blank and is NOT your own domain.

Jim

i got this error

RewriteCond: bad argument line '%{HTTP_REFERER}'\n

but after adding!^$ to RewriteCond %{HTTP_REFERER} to make it become

RewriteCond %{HTTP_REFERER}!^$

no more error, but it didn't solve the problem, i was still able to download the song directly from the browser by typing the link into the address bar

RewriteCond: bad argument line '%{HTTP_REFERER}'\n

You got this error because you left off the period. "." and "!^$" are logically equivalent, but "." is shorter.

Type-in access will be allowed, because a directly-typed-in URL by definition has no referrer.

If you want to block type-ins while not blocking legitimate users whose security software, ISP, or corporate network blocks HTTP referrers, you will need a script-and-cookie-based solution, or a solution that involves renaming the files periodically and updating your pages to point to the new URLs.

Because there are many music/video sites with this same problem, I suspect you should be able to buy an off-the-shelf script reasonably cheaply.

Jim

ok, any suggestion of commercial script that might help.
thanks for the quick reply.

I don't know, since I don't run a music/video site. We also don't allow product recommendations here at WebmasterWorld -- Ther is no way we can tell an earnest satisfied customer from a purely-promotional post by the marketer of the script. WebmasterWorld is a place to discuss doing business, not a place to do business...

You should be able to find something by doing a few searches and by looking at PERL and PHP script archive sites.

The concept is simple: When a visitor visits an "authorizing" page on your site, a short-term session cookie is set in his browser. When the visitor requests a media file, his request is handled by a script. The script checks that the cookie exists and has not expired. If the cookie is good, then the script opens the media file and sends the contents to the visitor. If the cookie does not exist, has expired, or is otherwise invalid, the script sends a redirect to the visitor, sends an alternate file, or sends an "access denied" response -- your choice.

Jim