Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:

AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user

Note: This works in Apache 2.4. I have not confirmed for earlier versions.

If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.

AuthType Basic AuthName "Enter Pass" AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/ Require valid-user SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow Order allow,deny Allow from env=allow

Also If you want to prevent multiple directories then add

SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow

as many time as many directories, you want to remove from htaccess prevention.

You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so:

# allows any user to see this directory
Satisfy Any

Please note that the syntax changed in Apache 2.4, this should have the same effect

Require all granted

Simply create a new .htaccess in the desired subdirectory with this directive:

Allow from all

You can restrict to your IP only with :

Allow from x.x.x.x

See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html

You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.

Adding to RageZ's answer, I used this in the Server Directives:

<Directory /var/www/protected/>
     AuthType Basic
     AuthName "Production"
     AuthUserFile /path/to/.htpasswd
     Require valid-user
</Directory>

<Directory /var/www/protected/unprotected>
     Satisfy Any
</Directory>

Awesome. Thanks RageZ!