The media players used to view .wmv files typically do not provide a referrer. Therefore, controlling multimedia file access by referrer is ineffective. Look into using a script to serve your media files and enforce access control based on cookies or session IDs.

Be aware that blocking blank referrers (as you are doing with your .jpg files if you use the same basic code) will make your site appear broken to visitors who are behind corporate and ISP caching proxies, e.g. AOL users.

To allow blank referrers, you'd use something like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteRule \.jpe?g$ - [F]

however, this does open a hole in your access control. It's a trade-off between allowing some unwelcome access and blocking legitimate access -- and only you can decide what's appropriate for your site.

I strongly suggest that referrer-based access control only be used to reduce (not eliminate) unauthorized access when it's not critical to your site security or revenue. The presence and correctness of an HTTP Referer header is simply not reliable enough to base access control on.

Jim

I can't thank you enough jdMorgan, I was aware of some blocking but not of blocking AOL users.

As for video, you have helped me make up my mind for good. I am just going to convert it into flash. At least then I can add a clickable link in the flash so that if someone hotlinks the file it will still link back to my site.