The HTTP authentication (httpauth) module will be deprecated in favour of Secure Site (securesite), and we need to make sure we don't lose any functionality in the process. There is one feature missing in securesite.
httpauth forces authentication on restricted pages but only on certain paths. This functionality is to keep the authentication away from users visiting using their normal browser (by limiting it to RSS paths such as
Proposal is to add a text field called Only force authentication on the following restricted pages. If this text field is empty, all paths match. If this text field is not empty, it is interpreted like the Show only on pages option for blocks. Preferably this field would dynamically appear depending on the selected Force authentication setting.