How can I allow access to content via a script, but dissallow it via a direct URL? The content needs to have permissions to allow access by Apache, but dissallow outside access at the same time.

To put it bluntly, you can't. There's always a way to script your way around these "safety measures". You could check for HTTP_REFERER, but that would mean that you block people who choose not to send such information to your server and it is easilly forged.

The best way to protect your data is keeping it offline.