Most websites are to be shown to the public however its possible there maybe some links from the main website which you may wish to secure such as: https://mysuperweb.co.uk/secureStuff. By default the browser will show it as a folder listing or a website if there is an index.php file.
To secure the link we can use htaccess which will prompt a password before the content is showed. We can do this at:
/etc/apache2/sites-available/000-default.conf
<Directory "/var/www/html/secureStuff>
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/apache2/.htaccess
Require valid-user
</Directory>
The code will prompt for a username a password defined by the AuthUserFile. The location in which it will ask from will be /var/www/html. This is the default root location for the main website.
https://mysuperweb.co.uk = /var/www/html
https://mysuperweb.co.uk/secureStuff = /var/www/html/secureStuff
For the password itself it would be made with:
sudo htpasswd -c /etc/apache2/.htaccess username