You canīs protect movies with htacess using "allow-access-based-on-refering-domain" in the same way you can with a htacess that allows access based on htpasswd file.
The reason for the problem is that movie players use java and java does not send headers, therefore the calls are not identified as originating on your server.
However, you can use this:
Your htaccess should read:
RewriteCond %{HTTP_REFERER} !^
http://([a-z0-9-]+\.)*your-domain.com/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+
*)id=valid(;.*|$)
RewriteRule /*
http://%{HTTP_HOST}/ [R,L]
That last line redirects to your main index page... you can change it to something else if you want. The key line is where your server will check for the existence of a cookie. That isn't dependent on java, so it works.
You put the cookie code within the HEAD section of the first HTML document within your protected area:
hahahahahahahaha LANGUAGE="hahahahahahahahahaha">
// Calculate the expiration date
var expires = new Date ();
expires.setTime(expires.getTime() + 6 * 60 * 60 * 1000);
documenthahahahahahahaha = "id=valid; path=/" + "; expires=" + expires.toGMTString();
</hahahahahahahaha
That code expires the cookie in 6 hours. Adapt the 6 * 60 part to be whatever you want.
That should work, hope you can use it