Restricted access not too restrictive

[Rushtafari]

I realize this is an age-old question, but I must be doing something wrong.

I am administering a FreeBSD (v4.9) Apache2 Web server for about ten users. In each public_html directory I want to create a directory called "restricted." I want documents placed inside this directory to be unaccessible to anyone trying to access them from a certain domain.

My first questions is, can I establish this restriction in my httpd.conf and apply it to all subdirectories of public_html titled "restricted"? If so, how?

I tried using an .htaccess file, and here is what happens:

First, I thought I would try shutting EVERYONE out of the directory, to test my Apache power. So I first modified the httpd.conf directory:

<Directory "/usr/local/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

I already have a .htaccess file created. Let me show you a series of commands that may hold a clue to my problem:
--------------------------

$ cd public_html/restricted

$ ls -al

drwxr-xr-x 2 jwalkup fac 512 Feb 29 12:22 .
drwxr-xr-x 8 jwalkup fac 1024 Mar 1 08:07 ..
-rw-r--r-- 1 jwalkup fac 31 Mar 1 10:47 .htaccess
-rw-r--r-- 1 jwalkup fac 6594 Feb 27 11:52 oma.html

$ more .htaccess

Order allow,deny
Deny from all

------------------------

Okay, any files placed inside the directory should be unviewable, right? Well, you can see oma.html for yourself:

http://faculty.natuniv.edu/~jwalkup/restricted/oma.html

What am I forgetting? This is driving me crazy.