The following constellation always has an unpleasant side effect: If you protect your site with htaccess / htpasswd and at the same time force an SSL connection, you always need to enter the same password twice (once for http and again after successful entry for https). With the help of the configuration sections introduced in Apache 2.4, the problem can easily be dealt with.
# SSL erzwingen
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Authentifizierung (nur bei verschlüsselten Verbindungen)
<If "%{HTTPS} == 'on'">
AuthUserFile /path/to/.htpasswd
AuthName "Interner Bereich"
AuthType Basic
require valid-user
</If>