Complete tutorial onApache Documentation
Below is the code I put on .htaccess file on the folder/site which I want to protect
Order allow,deny
Deny from all
Allow from profusehost.net
ErrorDocument 403 /error/HTTP_NOT_FOUND.html.var
Order allow,deny
tell apache to evaluate allow list then deny list, if any client doesn''t match in allow and deny list it''ll denied
Deny from all
denied all client 
Allow from profusehost.net
but access from *.profusehost.net is allowed, and its sub-domain and host under domain profusehost.net
ErrorDocument 403 /error/HTTP_NOT_FOUND.html.var
This is for displaying error 404 Object Not Found instead of error 403, so client will assume the folder is not exist.