this really shouldn't be a difficult issue
but for some reason it is
i'm trying to get apache to restrict access to a directory
so i created a password file with htpasswd -c ....
then i put a .htaccess file in to be protected directory
with the following in it:
AuthUserFile /usr/local/httpd/users
AuthGroupFile /dev/null
AuthName "secure area"
AuthType Basic
require valid-user
then i went into apache's httpd.conf and edited the <directory> lines