You can also do this using environment variables. Here’s code you can use in .htaccess:
SetEnvIf Referer "^http://YOURDOMAIN" local_referral
SetEnvIf Referer "^http://THEIRDOMAIN" auth_referral
Deny from all
Allow from env=local_referral
Allow from env=auth_referral
First, it sets local_referral to 1 if they click on a link on one of your own pages.
Second, it sets auth_referral to 1 if they click on a link on someone else's web page (THEIRDOMAIN).
Then the server sends a Forbidden message if they did neither of the above.
When you change YOURDOMAIN and THEIRDOMAIN, put a \ in front of periods:
www.dreamhost.com = "^http://www\.dreamhost\.com"
If you want to match a specific URL, put a $ at the end:
^ = beginning
$ = end
. = any character
? = previous character is optional (e.g. jpe?g matches ‘jpg’ and ‘jpeg’)
If you wish to specify your own Forbidden message, add:
ErrorDocument 403 http://YOURDOMAIN/forbidden.html
You might want to add the following to let visitors bookmark the URLs, enter them into their address bar, or click on them from non-web sites:
SetEnvIf Referer "^$" local_referral
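Added example (not part of the original page): a short Python script that replays the SetEnvIf / Deny / Allow logic above against constructed Referer values, to show what an unescaped period and a missing end anchor let through. The domains, the `(/|$)` suffix and the function names are assumptions for illustration; Python's `re` stands in for Apache's regex engine, which behaves the same for these simple patterns.

```python
import re

# Constructed placeholder domains; substitute your own YOURDOMAIN / THEIRDOMAIN.
# Each rule mirrors: SetEnvIf Referer "<pattern>" <variable>
LOOSE = [
    (r"^http://www.example.com", "local_referral"),   # periods not escaped
    (r"^http://partner.example", "auth_referral"),
]
STRICT = [
    # Escaped periods, plus (/|$) so the host name must end where expected
    # (the (/|$) suffix is an added assumption, not from the page).
    (r"^http://www\.example\.com(/|$)", "local_referral"),
    (r"^http://partner\.example(/|$)", "auth_referral"),
]
# The optional rule for bookmarks and typed URLs (empty Referer).
ALLOW_EMPTY = [(r"^$", "local_referral")]


def env_for(referer, rules):
    """Return the variables SetEnvIf would set for this Referer value."""
    return {var for pattern, var in rules if re.search(pattern, referer)}


def decision(referer, rules):
    """Deny from all + Allow from env=...: allowed when any variable is set."""
    return "allow" if env_for(referer, rules) else "403"


# Constructed Referer values; "" stands for a request with no Referer header.
SAMPLES = [
    "http://www.example.com/gallery.html",
    "http://partner.example/links.html",
    "http://wwwxexample.com/",
    "http://www.example.com.other.example/",
    "http://unrelated.example/",
    "",
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref or '(no Referer)':45} loose={decision(ref, LOOSE):5} "
              f"strict={decision(ref, STRICT):5} "
              f"strict+empty={decision(ref, STRICT + ALLOW_EMPTY)}")
```

Because the Referer header is supplied by the client, these rules deter hotlinking rather than authenticate visitors.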