Unfortunately <Location>
directive isn't allowed in .htaccess
.
But there is an alternate neat solution using mod_setenvif
.
# set env variable SECURED if current URI is /c/sofas/
SetEnvIfNoCase Request_URI "^/c/sofas/" SECURED
# invoke basic auth is SECURED is set
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /full/path/to/passwords
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED