Hotlink protection of directory in subsite

Hello,

I need to protect files from direct download (in case someone guesses the filename) only for one directory on subdomain subsite in multisite installation.

I tried placing the following .htaccess into subdirectory (subsite.domain.wpengine.com replaces my real subsuite url):

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png|pdf|msi|deb|rpm|txt)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?subsite.domain.wpengine.com\. [NC]
RewriteRule \.(gif|jpe?g?|png|pdf|msi|deb|rpm|txt)$ - [F,NC,L]
</ifModule>

This doesn’t work.

I also tried to add rewrite rules to the global WP htaccess (as per https://wordpress.stackexchange.com/questions/48623/protect-uploads-in-multisite):

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

# added hotlink protection rules
RewriteCond %{HTTP_HOST} ^subsite.domain.wpengine\.com
RewriteCond %{SCRIPT_FILENAME} ^([_0-9a-zA-Z-]+/)?folder-name/(.+)
RewriteRule ^([_0-9a-zA-Z-]+/)?folder-name/(.+) - [L]

Not working either ??

Anyone knows the solution here? Thanks!

Another concern – for now, the domain has not yet been mapped to avoid displaying wpengine part
How would I incorporate this change after? Thanks in advance!