I'm not the best at this but could you not get the php script to write a rule for a unique (random) URL to the .htaccess file before sending the user on to that URL, then delete the rule after a set time limit?

It's quick and dirty but may work for a site that isn't too busy.

I am not sure I understand exactly what you are trying to do, but if you are using GET variables, you can use a QUERY_STRING condition...

RewriteCond %{QUERY_STRING} ^yourvariable=(someEXPRESSION)
RewriteRule ^([^.]+\.rar)$ /validate.php?what-ever-you-would-like=$1-OR-%1 [NC,L]

%1 rather than $1 will give you the back-reference from the condition.

Hope this gives you some ideas.

Justin

BTW Added L flag to the rule -- should always be present, unless you know you do not need it.

My rewrite is being used to redirect away from the requested .zip file in order to force a login screen and validation from a php script (validate.php). If user is validated then I want the requested .zip file to start downloading. Problem is, it loops, trying to redirect to my php again.

Somehow, I either need to let .htaccess know that the user has been validated and not redirect (using a flag variable?)
OR..
only let .htaccess redirect when coming FROM a certain URL. Since my php script is the only one on the site, maybe it could allow access to the .zip file only if coming from .php?

Don't know whether either option is possible, I've looked around and find next to nothing.