Recently, I needed to password protect only a few filetypes across an entire website. I was sure I could somehow do this using Apache’s extensive configurations, and this is how I did it.
First of all, put this as your .htaccess in the root of your website (or in the root of whichever directory you want to protect the files for):
AuthUserFile /path/to/htpasswd AuthType Basic AuthName "Login Dialog Title" <FilesMatch "\.(pdf|doc)$"> Require valid-user </FilesMatch>
And then generate the htpasswd in the right directory using this command-line:
htpasswd -c .htpasswd username
And, hey presto! The entire site works fine, but access to the particular file-types (in this example, PDF and DOC files) is restricted only to people who enter the correct username/password combo using HTTP authentication.
Thanks to helpful resources at: