This module uses token based authentication to secure downloads 
  and prevent deep-linking. 

  Have your script or servlet generate a token to authenticate the 
  download and let Apache handle the file transfer without having 
  to pipe it through a script for security.
  
  You can find downloads, daily snapshots and support information at
    http://www.synd.info/

USAGE

  The token is an hex-encoded MD5 hash of the 
  secret password, relative file path and the timestamp. It is 
  encoded onto the URI as:

    <uri-prefix><token>/<timestamp-in-hex><rel-path>

  For example
  
    /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt

  where the token is generated as 

    md5("secret" + "/path/to/file.txt" + dechex(time_now()))

  with the following configuration in httpd.conf

    <Location /protected/>
      AuthTokenSecret       "secret"
      AuthTokenPrefix       /protected/
      AuthTokenTimeout      60
    </Location

  The actual file would be located in
  
    /protected/path/to/file.txt

CREDITS

  Implementation ideas were taken from mod_secdownload for LIGHTTPD
    - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload