Apache allows access to directories to be restricted unless overridden by a valid user name and password. Here you will see how to set it up in your config file, how to create the .htaccess file, and how to generate the password file for it.
Denying access in httpd.conf
The first step is to deny access to the directory in the httpd.conf file. To do this the following must be added for the directory, or the default to deny access.
Options Indexes FollowSymLinks
The above will deny access to the secret_dir and only allow it to be accessed if the person gains authorization by entering a username and password. We will set this up next.
At this point you need to restart Apache since changes were made the config file, so use
# apachectl graceful