Deny access from not-logged in users, but allow access from local script files

StackOverflow https://stackoverflow.com/questions/23676216

  •  23-07-2023

Question

I have a .htaccess script located in my WordPress upload folder, where I only allow logged-in users to see the files, to prevent users sharing links to a members-only area.

My problem is that I have a ZIP functionality that accesses the folder as well, and this doesn't work together...

.htaccess:

 # Apply only to requests for the listed file extensions
 RewriteCond %{REQUEST_FILENAME} \.(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx)$
 # ...that carry no WordPress login cookie
 RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
 RewriteRule . - [R=403,L]

What can I do to allow access from my server???


Solution

You should use access control: http://httpd.apache.org/docs/2.2/howto/access.html

# Apache 2.2 syntax: with "Order deny,allow", a matching Allow overrides Deny
Order deny,allow
Deny from all
Allow from 127.0.0.1

Other tips

You can use %{HTTP_REFERER} based checks here:

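 # Apply only to requests for the listed file extensions
 RewriteCond %{REQUEST_FILENAME} \.(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx)$
 # ...that carry no WordPress login cookie
 RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
 # ...and whose Referer is not a page on this site
 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/ [NC]
 RewriteRule . - [R=403,L]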

Replace domain.com with your actual domain. However, keep in mind that the HTTP_REFERER header can be manipulated by some clients.
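
An added example, not part of either answer above: the question's cookie rule with an exemption for loopback requests, tested through %{REMOTE_ADDR}, which is taken from the TCP connection rather than from a client-supplied header such as Referer. It assumes the ZIP script fetches the files over HTTP from the same machine via 127.0.0.1 or ::1; a script that reads the files straight from disk never passes through .htaccess at all.

```apache
# Added example, not from the original answers.
# Assumption: the ZIP script requests files over HTTP via loopback.
RewriteEngine On

# Protect only the listed media and document extensions.
RewriteCond %{REQUEST_FILENAME} \.(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx)$ [NC]
# The request carries no WordPress login cookie ...
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in [NC]
# ... and does not come from the server itself (IPv4 or IPv6 loopback).
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REMOTE_ADDR} !^::1$
# All conditions are ANDed: anonymous, non-local requests get 403 Forbidden.
RewriteRule ^ - [F]
```

If Apache runs behind a reverse proxy on the same host, every request arrives from loopback and this exemption would cover all visitors. If the script calls the site's public hostname instead, its requests may arrive from the server's public IP, which then needs its own RewriteCond.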

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow