there's not really a way to tell if the user has typed the address into the address bar or is accessing the page from a link.
the only thing i can think is to set a session variable on the page that contains the link on load using the set session variable server behavior.
then create an access rule in security assist, much like the logged into users rule that checks to make sure the session variable is not empty, then use that access rule to prevent access to your page.
this will not be 100% full proof though, since the user could visit the page with the link, to set the session then type in the address in the address bar to visit the page