Stop outside access to directory

How could I stop access to a directory from the outside, for example a
dir with images, and only allow it via the Rails app?

If you don't want your webserver to just serve up the file then don't
put the file inside your document root (ie don't put it in your app's
public folder).