if (!https)
    deny from all
else
    AuthType Basic
    ...
end if