Prevent linking unless previous address was from local host? htaccess

[xenoalien]

I am not sure how to phrase the question right and I think it has been answered before... How do I prevent other sites from directly linking to files but they still show up on my website? I want people to be able to download some of my files on my website but not be able to link from another website to download files. Thanks in advance

[xenoalien]

would this gen be bad to use? http://www.htaccesstools.com/hotlink-protection/

[PFMaBiSmAd]

No. Like already stated HTTP_REFERER is easily faked and won't stop hotlinking.

 

For example, the popular phpproxy script deliberately sets HTTP_REFERER to be the same as the domain being requested so if you were using HTTP_REFERER and someone linked to a file on your site through a phpproxy site, they would look like they came from your site.

 

Edit: Basically you cannot trust any data that comes from the browser. So, you must use a piece of data that is only kept on your server. The best way is to use a session variable that is set at the point someone is allowed to do something and it is checked in the code that displays or downloads the file. This same method would also tie in with a user login in system to control who can see and download which files.