I needed to do this a few weeks ago and after hours and hours of searching for the best way, I went with the hotlinking prevention option using your webserver’s .htaccess file (Apache) or the web.config file (IIS).
The trouble with wanting to put your images under the protected folder is you won’t be able to access them at all from a url, which is what is required for an img src attribute (not a server path as you were hoping). As soon as you allow an alias to a folder in your protected directory, all of the files are accessible and you’re no better off for storing them there.
Just do a google search for ‘hotlinking prevention’ and you’ll find some resources for protecting your images from direct access.