Protecting files in a live directory

[Mikalee]

Greetings,

I am working on a site which will have a members-only section to view video files. I can easily enough authenticate users before they view that page (and the embedded video), but I'd like to get your advice on how to prevent direct access to the video files.

I've done some research and I believe .htaccess can be used to check the HTTP_Referer and deny anyone but localhost - but I've also read that a certain number of people have security settings which block (or change) this information and thus it may not be a great option.

Example from http://www.thesitewizard.com/archive...dththeft.shtml

Code:

SetEnvIfNoCase Referer "^http://www.your-domain-name-here.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.your-domain-name-here.com$" locally_linked=1
SetEnvIfNoCase Referer "^http://your-domain-name-here.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://your-domain-name-here.com$" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Allow from env=locally_linked
</FilesMatch>

Any ideas would be greatly appreciated.

[Spathiphyllum]

I've used the same method. I'll usually include some sort of notice somewhere in the site's support pages to indicate that visitors must enable their client referer. It isn't perfect but it's better than nothing.