Welcome to WebmasterWorld [webmasterworld.com]!

The md5 hash of the filename would have to be a fixed value; mod_rewrite can match (test) pre-defined URL strings and pass requests to scripts, but cannot directly call functions, such as MD5 hash routines.

This solution sounds over-complicated, and -- begging your pardon -- ineffective. Regardless of any modification or encoding of the filename, it will be "visible" to the user's browser and therefore, directly accessible -- at least for the next hour.

I'd suggest you look into issuing a short-lived cookie to each user who visits an authorized page on your site, and then check for that cookie using mod_rewrite (or a server-side script) before serving the .swf file. Users with a correct and current cookie can be redirected to the .swf file, and those with an expired cookie or no cookie can be redirected to a "please login" file -- both would have to be be .swf files. Only the browser would have the cookie, so any attempt to request the .swf file with a download tool would fail. Hotlinking would not work, because the linking site would not be able to issue the required cookie with the correct realm.

Another alternative would be to redirect all requests for the .swf file to a server-side script to handle the authorization, if you are more comfortable with perl or php, for example.

Our forum charter [webmasterworld.com] includes links to some basic resources about mod_rewrite.

Jim

You could create a small perl script that is included via SSI to hash the filename to an md5 string for output on your page. Then, when a hashed URL is requested by the client browser, mod_rewrite can rewrite the requested URL to another script to rewrite it to real file names.

The only requirement is that the requested hashed URL must contain enough unhashed plain-text in a fixed position to identify it as a URL that must be decoded.

Jim