Restrict Apache to only allow access using SSL for some directories

Solution 1:

The SSLRequireSSL directive is what you're looking for.

Inside your <VirtualHost>, or at the top level if you're not using virtual hosts:

<Directory /topsecret>
  SSLRequireSSL
</Directory>

Or in .htaccess:

SSLRequireSSL

Solution 2:

In the global configuration you could use:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !on
   RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>

Similarly you could use a .htaccess file in the first directory of the secure directory tree:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !on
   RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>

That last one could also be placed inside a directory directive in the global or virtual host configuration.