# this file must be named .htaccess
DirectoryIndex login.html

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile .htusers
Require valid-user

# allow only the root directory (=login.html, see above) to be shown...
SetEnvIf Request_URI ^/$ noauth=1
Satisfy any
order deny,allow
deny from all
Allow from env=noauth