Use this tool at Dynamic Drive to automatically generate all the code needed to protect a directory on your site. Below are the 2 files generated by the tool. .htaccess goes into the folder that you want to protect and .htpasswd should be in a folder not accessible from the web. I normally put my .htpasswd file in my apache’s base folder.
AuthName "Restricted Area"<br /> AuthType Basic<br /> AuthUserFile /home/mydir/.htpasswd<br /> AuthGroupFile /dev/null<br /> require valid-user