I've set up my htaccess this way to block hotlinking:

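# Condition 1: the Referer is not a page on mydomain.com (or a subdomain)
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
# Condition 2: the Referer is not empty
RewriteCond %{HTTP_REFERER} !^$
# If both conditions hold, answer 403 Forbidden for these file types
RewriteRule .*\.(bmp|dtd|flv|jpeg|jpg|gif|png|psd|swf|tif|txt|mov|mpeg|mp3|xml)$ - [F,NC,L]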

The problem is that it works perfectly fine via HTML (such as <img> tags), but it doesn't prevent hotlinking through CSS (e.g., background-image url).

So here's a clarification on what I mean:

Server A (My Domain)
Server B (Another Domain)

Server A hosts file /myfile.jpg
Server B hosts css file /mycss.css

Server B CSS file contains background-image:url('server-A/myfile.jpg'); This CSS rule works... it loads the jpg file from Server A. If Server B were to also have an <img src="server-A/myfile.jpg">, it wouldn't load. It just works for the CSS. It shouldn't work for EITHER.

A: 

When you say "doesn't prevent hotlinking through CSS" do you mean 1) that other people can still use your existing CSS files with their pages, or 2) that other people can put your images in their own CSS files?

If 1) it may be that the referrer header for the image fetch is the CSS file itself, which will come from your server, so will fail the first RewriteCond rule and the fetch won't be blocked.

Tim
Sorry for the confusion; I'll edit the main text for clarification.
JakeTheSnake
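
Added example, not part of the original question or answer: a small Python model of the question's two RewriteCond lines and its RewriteRule, evaluated against constructed Referer values, to show which requests the rule set answers with 403. It assumes the browser sends the stylesheet's URL as Referer for images loaded from CSS (as the answer suggests); the server-b.example host, the sample Referer values, and the names is_forbidden and evaluate are made up for illustration.

```python
import re

# Patterns from the question's .htaccess, literal dots escaped.
# The [NC] flag maps to re.IGNORECASE.
OWN_SITE = re.compile(r"^http://(.+\.)?mydomain\.com/", re.I)
EMPTY = re.compile(r"^$")
PROTECTED = re.compile(
    r".*\.(bmp|dtd|flv|jpeg|jpg|gif|png|psd|swf|tif|txt|mov|mpeg|mp3|xml)$",
    re.I,
)


def is_forbidden(path, referer):
    """Return True when the rule set would answer 403 ([F]) for this request."""
    if not PROTECTED.search(path):
        return False  # RewriteRule pattern does not match, rule is skipped
    not_own_site = OWN_SITE.search(referer) is None  # RewriteCond !^http://...
    not_empty = EMPTY.search(referer) is None        # RewriteCond !^$
    return not_own_site and not_empty                # conditions are ANDed


# Constructed requests for myfile.jpg; each Referer is a sample value.
CASES = [
    ("own page, <img>", "http://www.mydomain.com/index.html"),
    ("own CSS used by another site (answer's case 1)",
     "http://www.mydomain.com/mycss.css"),
    ("other site's page, <img>", "http://server-b.example/page.html"),
    ("other site's CSS (answer's case 2)", "http://server-b.example/mycss.css"),
    ("no Referer header sent", ""),
    ("own page over https", "https://www.mydomain.com/index.html"),
]


def evaluate(cases=CASES):
    """Map each case label to True (403) or False (served)."""
    return {label: is_forbidden("myfile.jpg", ref) for label, ref in cases}


if __name__ == "__main__":
    for label, blocked in evaluate().items():
        print(f"{'403' if blocked else '200'}  {label}")
```

The rules decide on the Referer value alone: a request with no Referer is always served, and because the first pattern is anchored to http://, the site's own pages served over https are refused.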