With this code you can avoide the hotlinking to the files under certain folder. I have an application that is located under xxxx://mpol.ch/demo and the users are uploading their documents into folder "invoices".
After this implementation the documents can be viewed only through links from the application itself which are located under "xxxx://mpol.ch/demo/". All other requests will generate "Forbidden" message.
Step 1: Copy the code to an editor
Step 2: Adjust the Referer and origin for your application
Step 3: Save the code as file htaccess.txt
Step 4: Uplaod the file htaccess.txt into folder that you want to protect in my case into "xxxx://mpol.ch/demo/invoices"
Step 5: Rename the file htaccess.txt from "htaccess.txt" to ".htaccess"
Step 6: Carry out your tests
Start here
SetEnvIfNoCase Referer "xxxx://mpol.ch/demo/" internal
SetEnvIfNoCase origin "xxxx://mpol.ch/demo/" internal
<Files *>
order Deny,Allow
Deny from all
Allow from env=internal
</Files>
End here
mpol_ch