I need to protect files from being 'hotlinked' or downloaded by browser a secure folder.

I have tried putting .htaccess file as in http://docs.couchcms.com/concepts/cloak ... s-of-files But it didn't work. Directory listing was disabled, but if you happen to know the link to file, it was downloaded without problems.

Tested all solutions found on web with htaccess. Nothing prevented browser from downloading zip archive from uploads/file/secure.

The only method that worked has been found though:
Through cpanel of hosting, I made a folder protected. I didn't set password, as I remember, just indicated folder as protected.

The file htaccess was automatically created in secure folder with the following content:
AuthType Basic
AuthName "/www/website.com/_uploads/file/secure/"
AuthUserFile /var/www/path-outside-of-root/etc/47056829.passwd
<Limit GET POST>
require valid-user

Cloak_url passes by this restrictions and successfully serves file. This is most important.
Browser can not download nuthin

This is a solved now.