Suppose I have GIF images referenced in an HTML page. Is it possible to 1) allow the images in this context to be downloaded BUT 2) PREVENT the GIF from being downloaded if someone types in the direct URL to that image?

A couple reasons for wanting to do this.

1. Google images is spidering images on my site that I don't want spidered. Perhaps I can solve this by adding "/images" to my robots.txt file, but I wanted to take it a step further.

2. Issues with people stealing and re-using the copyrighted work.

Thanks.

Not reliably. But do add /images to your robots.txt.

You will see people adding "anti-leech" code to their sites - and then complaining that their sites are broken....

Thanks, Steve. Did a search on anti-leeching and found exactly what I needed. I'll use a combination of the robots.txt file addition and the following anti-leech example:

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com [NC]
RewriteCond %{REQUEST_URI} !^/hotlink.jpg [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|png)$ hotlink.jpg [NC,L]

RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com [NC]
RewriteRule \.(wmv|mov|mpg|mpeg|doc|zip|exe)$ - [F,L]

Also, here's a link on Google's site I found about specifically blocking the Google Images spider:
http://www.google.com/support/bin/answer.py?answer=630&query=images&topic=0&type=f

Keep in mind that using the Rewrite rules to keep people from leeching isn't 100% effective. Basically it relies on the browser sending the correct Referer, but that's easy enough to work around if you really want to. It should work for most things, but it's not guaranteed.

This will also fail for many legitimate users running privacy software (often included in firewall products) that mask or don't send the referrer. You can partially alleviate this by also allowing an empty referrer string. Oh, and if you use https access, you have to include the proper URL base for that too.

To cover what stevel pointed out (and to make it alittle bteer), replace these:
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com [NC]

With this:
RewriteCond %{HTTP_REFERER} !^(|https?://(www\.)?yourwebsite\.?com.*)$ [NC]

If you use subdomain, then use this:
RewriteCond %{HTTP_REFERER} !^(|.*yourwebsite\.?com.*)$ [NC]