I am currently using this to block everyone except when referred by my website. I know it is possible to spoof the http_referer but are there any alternative ways to overcome the spoofing? Or is there any other ways which would be more secure? RewriteEngine On RewriteCond %{REQUEST_FILENAME} .*avi$|.*mkv$|.*wmv$|.*zip$|[NC] RewriteCond %{HTTP_REFERER} !domain.com [NC] RewriteRule (.*) /denied.html
You're not checking for the www. prefix. And there's no way to protect yourself against Referer spoofing. Jay