Answering the question, first of all, blocking requests from outside via .htaccess
is something like this:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://www\.seusite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://seusite\.com/ [NC]
RewriteRule ^.*$ - [F]
But this is only to make it difficult for the curious, because anything that the browser accesses without restriction, can be accessed directly by an external request. HTTP headers are easily simulated.
To protect against automated access, a captcha would help, but this is infeasible for normal features such as images, JS, CSS, audio etc that would normally be used by the site. In addition, nothing would prevent the user from responding to the captcha in an application outside the site.
A reasonable block with no side effects is practically impossible in the context presented in the question.
The benefit of the REFERER lock is in the case of Hot Link , it at least prevents your resources from being linked to third-party sites (because in this case, the third party has no control over the user, who will be making the requisition). You can not prevent this third party from accessing your data and taking a copy, but he himself can not make ordinary users (of his site) bypass his protection in a simple way and access his files directly. At least it discourages the undue consumption of the transmission band of your server, because in this case it is obliged to at least intermediate the content.
I can not deny or confirm that I have already done this :P
, but by controlling REFERER directly in your application, you might well serve an extremely inappropriate image if it is linked to a third-party site, but correct if the person accesses your or if the REFERER is empty (important to consider that it is only hotlink if it is filled, with the wrong website). I do not recommend , because it can be in the person's cache, and the wrong thing appears if the same person accesses your site in the future, giving a disastrous result. But it's always good to know that it's possible;)