This is a cheap and effective way to password protect a directory:

1. Edit/create the .htaccess file and add the following lines:

AuthUserFile /home/someuser/etc/apache/.htpasswd
AuthName "Restricted Reports"
AuthType Basic

require valid-user

2. Use htpasswd command to make your .htpasswd file. Technically you could call it fluffy-monkey but that's not a very helpful name.

example.com:[]% htpasswd -h
Usage: htpasswd [-c] passwordfile username

The -c flag creates a new file.

example.com:[]% htpasswd -c .htpasswd someuser
Adding password for someuser.
New password:
Re-type new password:
example.com:[]%

For security its best keep your password file outside of docroot.