'htaccess fails to allow domain access to sub-directory

I have a sub-directory on a site with a zip file in it. I want to limit access to the zip file to certain domains. I have tried many methods but none are working. Below shows what I've tried where example.com is the calling site. I only tried one of these methods at a time but they all return a 403 result. I see many posts here about problems like this and the results are always that they work so I must be missing something. Does anyone have any suggestions?

Method 1

    SetEnvIf Referer "^example\.com/" goodsites
     
    order Deny,Allow 
    Deny from all 
    Allow from env=goodsites

Method 2

    order deny,allow
    deny from all
    allow from example.com

Method 3

    RewriteEngine on
    RewriteCond %{HTTP_HOST} !^(www\.)*example\.com [NC]
    RewriteRule ^(.*)$ - [F]

I added the following and it seems to do what I want.

    <FilesMatch "\.(zip|exe)$">
       Order Deny,Allow
       Deny from all
    </FilesMatch>
.htaccesssubdomain


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

PHPS source file - 403 Forbidden You don't have permission to access this resource

Remove .php extension with .htaccess

content-security-policy doesn't work; I want to have my website load in an iFrame on ONE other website only

Use cookie-free domains - subdomain solution not working

WHM Enabling mod_rewrite

Add New Parameter to Existing URL using htaccess

Remove index.php from URL of Laravel

Understanding RewriteRule & HTACCESS

Connect Remote Database using Selenium Webdriver and run Test Cases from local machine through eclipse

How to remove index.php and index from the URL using htaccess | PHP

Codeigniter htaccess not working in ubuntu 16.04

Letsencrypt with htaccess

net::ERR_INCOMPLETE_CHUNKED_ENCODING

Website displaying 'Default OaO frameset' as title [closed]

301 Redirect to remove query string on homepage only