I am aware of how to make content private (using user permissions to prevent access to content within WP), but how can I prevent direct access to the uploads of one of the various sites within my multisite network?
Example: A file called abc.jpg located at http://somedomain.com/files/2012/01/abc.jpg, which is actually located within /wp-content/blogs.dir/6/files/2012/01/abc.jpg: The file should only be available when called within a script (HTML) on the local domain (here: somedomain.com), and not be accessible through direct access (or hotlinking).
I tried accomplishing it with editing the .htaccess file, which looks like this (excerpt):
# uploaded files RewriteRule ^([_0-9a-zA-Z-]+/)?(.+)somedomain.com/files/(.+)$ - [NC,L] RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
The pattern (^([_0-9a-zA-Z-]+/)?(.+)somedomain.com/files/(.+)$) does match the file (http://somedomain.com/files/2012/01/abc.jpg) according to RegExr, but does not prevent access to the uploads from this site.
How can I achieve content protection on a single site within the network?