Ahh I see the problem 👌
The rewrite rule you’re using blocks direct requests to .zip files, even when they come from your own site via <a href="archivo.zip">. That’s why images/videos embedded in LifterLMS still work (they’re loaded with a valid referer), but clicking a download link looks like an external request.
We can tweak the rule to allow internal requests even when the referer is missing, but only for .zip files.
# Protect media files from hotlinking, but allow ZIP downloads from own site
RewriteEngine On
# Block hotlinking for common file types
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(gif|jpg|jpeg|png|tif|pdf|wav|wmv|wma|avi|mov|mp4|m4v|mp3)$ - [F,NC]
# Special rule for ZIP (allow empty referer = direct download works)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(zip)$ - [F,NC]
For images/videos/audio/PDFs → they’re blocked unless the request comes from your domain and has a valid referer.
For ZIP files →
Allowed if the request has no referer (so direct downloads from your site work).
Blocked if the referer comes from another domain (so hotlinking still fails).
Replace yourdomain\.com with your actual domain name.
If your site uses both www and non-www, the regex already handles that.
Cheers.