the only way to protect the file from URL access is to place it outside of the web root.
Contact your host to see what your options are for creating a location outside of the webroot for storing files. If they will not allow for storing files outside of the web root, you will need to find another hosting option.