I am looking for a way to prevent someone from accessing my local content (html and swf files) directly via their actual urls, so that they can only be viewed through shadowbox. I have tried different approaches (.htaccess, chmod) but whatever disables direct access also disables it in shadowbox. Perhaps it's possible to place the files outside of public html, but I don't know if I can reference that location in shadowbox? Any ideas would be greatly appreciated.
What you're trying to do simply won't be possible unless you can find a way to discriminate between two different requests. For example, you need to be able to tell when Shadowbox is doing the request and when it's someone else. After all, Shadowbox just accesses your content through the HTTP protocol just like everyone else. It seems to me like a very difficult, if not impossible, problem to solve.