z.B. so:

require authentication for everything not specificly excepted

<Location / >
    AuthType Basic
    AuthName "whatever"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
    AllowOverride all
</Location>

allow standard apache icons to be used without auth (e.g. MultiViews)

<Location /icons>
    allow from all
    Satisfy Any
</Location>

anyone can see pages in this tree

<Location /special_public_pages>
    allow from all
    Satisfy Any
</Location>

Vielen Dank für die schnelle Antwort.

Ich habe meine Konfiguration nun wie folgt geändert:

DocumentRoot /var/www
        <Location />
                Options FollowSymLinks
                AllowOverride None
        </Location>
        <Location /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                require valid-user
                AuthUserFile /etc/webserverpass
                AuthType Basic
                Satisfy all
                AuthName "Benutzeridentifikation"
        </Location>
        <Location /var/www/proxy>
                allow from all
                Satisfy Any
        </Location>

Mit der Konsequenz, dass nun kein Passwort mehr abgefragt wird, egal wo.