Protect PDF by using only links within the site

We have some PDF’s hosted on 2 of our sites and these sites are completely password-protected and we only want visitors to be able to access these PDFs if clicking from a link directly within the site

We used to do this using .htaccess on our Apache server adding a rule that blocks access to PDF files unless the “referrer” was the domain of the site.

Now we are on wpmudev.host, the server is Nginx and I don’t have access to the conf. Is this possible to set up for the 2 sites?