This should be possible with a clever .htaccess block using mod_rewrite and regexp.
The url structure for the call the tracker contains the &url= parameter. Compare the base url to your actual url and send them to a 401 (access denied) if they don’t match.