Note: I am assuming you want a PHP script to "read" the PDF to the user.
Rarebit has the idea with the intermediary, which is needed, as mentioned later. To prevent direct access, this htaccess code will work:
deny from all
This should do exactly what you want.
If you have mod_rewrite enabled, you may want to redirect users to the "reading" script instead of blocking them.
If you want to do that, use this htaccess file:
RewriteBase /
RewriteRule (.*) read.php?file=$1 [QSA,L]
One point - due to the way your script may be coded and the fact you are using PDFs, this code may not work.
You cannot simply embed the PDF file in a HTML/PHP script, because that would be loaded client side by the PDF reader. Your script will need to read the PDF and then dynamically create a duplicate as rarebit's code does:
I'd be glad to answer any questions. You may also have special requirements, depending on exactly what you want to do with the PDF, such as advertisement insertion.