How do I block external user access to a web server directory without preventing...

How do I block external user access to a web server directory without preventing internal website & apache access during normal authorized functionality using only the .htaccess file?

I am trying to ensure logged on users can do internal searches in this directory using normal web site links, but want to block direct URL access to this directory for any users, logged in or not.

I have info on creating .htpasswd, but that would be very large and require daily updates (perhaps from a SQL query) and wondering if there is a way around this.

Everything I have tried either disallows both or allows both.

If the files need to be accessed by the website itself but not directly by visitors, the usual approach is to move them outside the web root. If that's not possible, you could use .htaccess rules to block direct requests while allowing access through your application logic, but .htaccess alone generally can't tell the difference between a direct URL visit and a legitimate internal site request.