i have learned a way to protect wma files from being downloaded by direct request using htaccess however, the code in my webpage must be as shown below for website access to be allowed <object ID="MediaPlayer" width="320" height="42" type="application/x-oleobject" STANDBY="Loading Windows Media Player components..." type="application/x-oleobject"> <param name="AutoStart" value="1"> <param name="FileName" value="songs/trouble/trouble8.wma"> <EMBED type="application/x-mplayer2" SRC="songs/trouble/trouble8.wma" AUTOSTART="1" WIDTH="320" HEIGHT="42"> </EMBED> </object> however, this code is sometimes crashing peoples browsers when the page loads... any idea why ? roamhosting.net

I could be wrong, but mixing EMBED and OBJECT tags is a bad thing. Just use one or the other. Since you're blocking by referrer, you'll need to use EMBED. Loading files with OBJECT doesn't pass the page referrer so WMP can't load the file.

youve actually got that the wrong way around if you use EMBED then the refferer isnt passed, however using object it is... and the above code will use the object, if it cant then it will use EMBED, not both.. roamhosting.net

I did some testing on my machine and from what I could tell niether EMBED nor OBJECT passed referrer information. I'm using PHP, and in both cases the HTTP_REFERER variable was not set. Anyway, as to your OBJECT code, two things come to mind. First, you have the TYPE attribute set twice, maybe no big deal but no reason to do so. Also, you're missing the CLASSID, a required attribute. Here's an example that worked for me: <OBJECT   ID="mediaPlayer"   CLASSID="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95"   CODEBASE="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"   STANDBY="Loading Media Player..."   TYPE="application/x-oleobject">   <PARAM NAME="fileName" VALUE="music.php">   <PARAM NAME="animationatStart" VALUE="true">   <PARAM NAME="transparentatStart" VALUE="true">   <PARAM NAME="autoStart" VALUE="true">   <PARAM NAME="showControls" VALUE="true">   <EMBED SRC="music.php" TYPE="application/x-mplayer2" AUTOSTART="true"></EMBED> </OBJECT> I believe that's formatted correctly. Like I say, it works for me at least :) Oh, and I found this while looking at some referer stuff. I tried it locally and hey, it works. Interesting, but not a big deal when you're just trying to prevent casual hotlinking.

that spoof is interesting... i shall try your code... the OBJECT does send a refferer, because you can stop downloads usng HTACCESS if they have not come to the file via a link you hav defined roamhosting.net