Yes - that line of code was causing the problem. Both SELF and REQUEST_URI include the file name that is being called. I always hide the file name when it is index!
EG: If my URL was
The requests were adding the file name so they looked like:
Since the matches were not being made - the page would not continue.
Easy fix for me. I'm not a fan or securing a page by referer in the first place, so I put my own custom check in place to act as the trigger. Works like a charm.