Using .htaccess to protect direct access of files

.htaccess, firefox

We need to prevent direct access of files on our site from someone just entering a URL in their browser. I got this to work by using an htaccess file and it is fine in IE & Safari, but for some reason Firefox doesn't cooperate. I think it has something to do with the way Firefox reports referrers.

Here is my code in the .htaccess file.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://(my\.)?bigtimbermedia\.com/.*$ [NC]
RewriteRule \.(swf|gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ http://my.bigtimbermedia.com/ [R,L]

If you want to see an example of this, try accessing this first…
http://my.bigtimbermedia.com/books/bpGreyWolvesflip/index.html

It blocks it properly in all browsers.

Now if you go to this URL and click on the link, it works in IE and Safari, but Firefox chokes and seems like it is in a loop.

Any ideas how I can get this to work in Firefox? Thanks!

Best Answer

Could you just use

RewriteCond %{HTTP_REFERER} !^%{HTTP_HOST}$ [NC]

So that you're matching whatever the machine thinks the host is?
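
An added example, not part of the original question or answer: a small Python model of the `RewriteCond`/`RewriteRule` pair that evaluates the question's pattern, the answer's pattern and a back-reference variant against constructed Referer values. It assumes mod_rewrite's behaviour of expanding `%{...}` variables in the test string but not in the pattern; `BACKREF`, `redirected` and `table` are hypothetical names, and Python's `re` stands in for Apache's regex engine.

```python
import re

# File extensions the page's RewriteRule protects.
PROTECTED = re.compile(r"\.(swf|gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$")

# CondPatterns; each is negated with "!" and flagged [NC] in the .htaccess.
QUESTION = r"^http://(my\.)?bigtimbermedia\.com/.*$"  # from the question
ANSWER = r"^%{HTTP_HOST}$"                            # from the answer
# Assumption (not on the page): tested against "%{HTTP_HOST}@@%{HTTP_REFERER}",
# so the host is compared through a regex back-reference.
BACKREF = r"^([^@]+)@@https?://\1(/.*)?$"

HOST = "my.bigtimbermedia.com"
BOOK = "books/bpGreyWolvesflip/index.html"  # per-directory path, no leading "/"

# Constructed Referer values; "" models a request that carries no Referer.
REFERERS = {
    "none": "",
    "same-site http": "http://my.bigtimbermedia.com/",
    "same-site https": "https://my.bigtimbermedia.com/",
    "other site": "http://example.org/page.html",
}


def redirected(path, referer, pattern, host=None):
    """Return True if the modelled rule would redirect this request.

    Models `RewriteCond TestString !pattern [NC]` followed by the RewriteRule.
    The pattern is compiled exactly as written: nothing in it is expanded.
    """
    if not PROTECTED.search(path):
        return False  # RewriteRule pattern does not match, nothing happens
    test_string = referer if host is None else f"{host}@@{referer}"
    return re.search(pattern, test_string, re.IGNORECASE) is None


def table():
    """Map each constructed Referer to (question, answer, backref) results."""
    return {
        label: (redirected(BOOK, ref, QUESTION),
                redirected(BOOK, ref, ANSWER),
                redirected(BOOK, ref, BACKREF, host=HOST))
        for label, ref in REFERERS.items()
    }


if __name__ == "__main__":
    for label, row in table().items():
        print(f"{label:16} question={row[0]} answer={row[1]} backref={row[2]}")
```

The Referer header is supplied by the client and is often omitted, so a rule of this kind deters hotlinking but is not access control.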