I am having a problem figuring this out. I run a music site and host a lot of mp3's (fully legit, www.thednb.com). I track clicks through a tracking page and then redirect them to a directory that is not published. However there is one easy way to find the directory if you know what you are doing. Someone has done this and they are leeching mp3's off my server. I would like to figure out how I can protect a folder so that it can only be accessed from a click on my server. <BR><BR>Is the only way to do this is to make a asp page that checks referer? I am doing that with the click tracker but I was hoping that I could block access to a directory in IIS. Any ideas?