The HTTP daemon httpd uses ~/public_html/ as the magic
directory which is visible. Each subdirectory there should by good
practice contain
index.html, in particular, ~/public_html/index.html is
the user home page that is referred to as
http://machine-name/~username, for example
http://www.ava.fmi.fi/~pjanhune.
To limit access in a subdirectory, create a file
named .htaccess there, with example contents as:
<Limit GET>
order deny,allow
deny from all
allow from .fmi.fi
</Limit>
.htaccess must be world readable, otherwise it has
no effect! Thus you must do chmod og+r .htaccess.