Let’s say you have a multisite installation with several (sub)domains pointing to the same document root. Now, you want to protect private.domain.com with ht-authentication while www.domain.com stays publicly available.
Please welcome Apache’s
setEnvIf as your friend:
AuthName "Private" AuthType Basic AuthUserFile /var/www/.htpasswd require valid-user SetEnvIf Host private.domain.com secure_content Order Allow,Deny Allow from all Deny from env=secure_content Satisfy Any