htaccess issue after setup restriction to folders

Question

I have a demand where I need to deny access to a folder (localhost\uploads\video). I got this by applying the below rule in the htacess at localhost:

RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC] 
RewriteRule \.(|avi|mp4)$ - [F,NC]

Scenario 1 - It works fine if I try to access the resoruce (.avi files mainly)by typing the address straighforward in the browser and this is the message: Forbidden You don't have permission to access /video/23/videoname.html on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.THIS IS OK.

Scenario 2 - With tis rule applied, if I try to click in any link in my homepage which leads me to the video I'm also getting the same message than in scenario 1 and this isn't what I wanted to. I thought when I would access through homepage(by clicking over the avi link) this message wouldn't come.

How can I get this done in this way? I want to block over direct access but I want to keep it working fine if this be executed from homepage...

Regards Eliel

Answer 1

Your regex seems to be problem for URI pattern matching. Change you rule to:

RewriteCond %{HTTP_REFERER} !(www\.)?domain\. [NC] 
RewriteRule \.(avi|mp4)$ - [F,NC]

Make sure to replace domain with your actual domain name.