Here's a very old thread [webmasterworld.com].

A search of the archives on "referrer+links [google.com]", provides an abundance of examples and/or methods.

I am now trying to get htaccess to limit access to sites and folders unless they come from a particular site.

am trying these mod_setenvif in my htacces files but get an error message which ever way i access the site but getting no joy have tried several options below.

SetEnvIf Referer www.my_site.co.uk OK_allow
....
Allow from env=OK_allow

SetEnvIf Remote_Addr www.my_site.co.uk OK_allow
....
Allow from env=OK_allow

setenvifNoCase referer "^http://www.my_site.co.uk" OK_allow
setenvifNoCase referer "^http://my_site.co.uk" OK_allow
...
<Files ~ "download.html$">
Order Allow,Deny
Allow from env=OK_allow
</Files>

error message

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator

My ISP have suggested

RewriteCond %{HTTP_REFERER} my_site\.co.uk

But they dont seem to really know

Note also that literal periods in regular expressions patterns should be escaped, as in "site\.co\.uk"

Your developers will not be able to access these pages unless you also allow blank referrers: By definition, a typed-in URL has no referrer. Unfortunately, this also represents a 'hole' in the protection. As Wilderness stated above, access control by Referer is problematic.

You should use "Order Deny,Allow" and "Deny from All" in addition to your "Allow from env=OK_allow"

See Apache mod_access documentation for a description of Deny,Allow behaviour.

Jim