How to require authentication for a subdirectory on an OpenBSD httpd webserver?
I have a VPS running _OpenBSD 7.4 x64_ that hosts my personal webpage among other things. This webpage is using the native http daemon provided by OpenBSD, not an Apache server.
I would like to have the majority of my website open to anyone who encounters it, although there are certain pages that I would like to only be visible to authenticated users for privacy purposes. I have scoured the web for documentation on how to achieve this, and come up mostly empty-handed.
What I have found so far is that I need to add an statement in my `/etc/httpd.conf` file to prompt the user for a username and password, which is then checked against the `.htpasswd` file that I have previously created for the protected realm. I have also found that one may have multiple "realms" with distinct `.htpasswd` files for each. My issue is that I have not been able to properly set up the `/etc/httpd.conf` file so that it asks for authentication and then allows the user through upon receiving correct info.
It seems that the adoption of OpenBSD's native http daemon is still relatively small, at least compared to the adoption of Apache servers. I have not found any thorough explanations of how it all works besides OpenBSD's manpages, which, while many people say they are very thorough, I have still had some trouble fully understanding.
This is all a very new thing to me; in fact, I was only able to set all of this up in the first place because I used a [script made by someone else](https://sive.rs/ti.sh) and followed [their instructions](https://sive.rs/ti).
To wrap all of this up, __I would like to password-protect a folder/directory and all of its subfolders/subdirectories, recursively.__ I envision this would be something akin to adding `authenticate "realm" with "[.htpasswd file]"` to a block in my `.conf`. The problem is that when I try this, the server merely prompts for a password and immediately prompts for it again, ad infinitum, regardless of whether or not the password matches the `.htpasswd` credentials I have previously created. If I hit on the password prompt, the server will then give me a "401 Unauthorized" page.
Here is a config that will result in infinite password challenges:
```
prefork 5
types {
    include "[TYPES_FILE_LOCATION]"
}
server "[DOMAIN_NAME.COM]" {
    listen on * port 80
    location * {
        block return 301 "https://$HTTP_HOST$REQUEST_URI"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
}
server "[DOMAIN_NAME.COM]" {
    listen on 127.0.0.1 port 8080
    default type text/html
    [*** PROBLEM HERE v ***]
    location "/[PROTECTED_FOLDER]" {
        authenticate "realm" with "[.HTPASSWD_LOCATION]"
    }
    [*** PROBLEM HERE ^ ***]
    location "/pub/*" {
        directory auto index
    }
}
```
This config works as-is for regular https connections and for http -> https connections as well.
I have also tried
```
[*** PROBLEM HERE v ***]
location "/[PROTECTED_FOLDER]/*" {
    authenticate "realm" with "[.HTPASSWD_LOCATION]"
}
[*** PROBLEM HERE ^ ***]
```
to a similar effect.
Here are the permissions for the users.htpasswd file and all parent directories:
```
drwxr-xr-x  13 root  wheel   512 Nov 29 19:00 /
drwxr-xr-x  27 root  wheel   512 Nov 15 05:22 /var
drwxr-xr-x  11 root  daemon  512 Jan  1 23:20 /var/www/
-rw-------   1 www   daemon   68 Jan  1 23:29 /var/www/users.htpasswd
```
Does anyone know what I am doing wrong here? Any resources I might have missed? Here are some resources I have discovered so far.
[similar question #1 - misc.openbsd.narkive.com](https://misc.openbsd.narkive.com/gxk0xkOU/openbsd-s-httpd-troubles-again-can-t-find-any-man-page-that-explains-how-to-properly-set-up)
[similar question #2 - reddit.com/r/openbsd](https://www.reddit.com/r/openbsd/comments/811sbs/looking_for_some_examples/) [archive](https://www.reveddit.com/v/openbsd/comments/811sbs/looking_for_some_examples/?rdt=54250)
[httpd.conf manpage - man.openbsd.org](https://man.openbsd.org/httpd.conf) [archive](https://web.archive.org/web/20230623161748/https://man.openbsd.org/httpd.conf)
Any tips/help/pointers greatly appreciated.
Asked by qqq
(61 rep)
Nov 25, 2023, 10:57 PM
Last activity: Jan 8, 2024, 05:00 PM
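
One thing to check with a config like the one in the question, as an added example that is not part of the original post: httpd.conf(5) states that the file named in `authenticate ... with` is relative to the chroot, so this script resolves each such path the way the chrooted daemon would and reports files it cannot find. The names `check_auth_paths` and `demo`, the sample configs, the default chroot `/var/www` and the bcrypt (`$2b$`) hash check are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes httpd's default
# chroot (/var/www); function names and sample data are illustrative.

# check_auth_paths CONF [CHROOT]
# Resolves every `authenticate ... with "file"` path inside CHROOT, the way
# the chrooted daemon sees it, and returns the number of problems found.
check_auth_paths() {
    conf=$1; chroot=${2:-/var/www}; bad=0
    # Extract the quoted file name that follows "with".
    paths=$(sed -n 's/^[[:space:]]*authenticate[[:space:]].*with[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        full="$chroot/${p#/}"
        if [ ! -f "$full" ]; then
            echo "FAIL $p: no file at $full"
            case $p in
                "$chroot"/*) echo "     hint: path includes the chroot; try ${p#"$chroot"}" ;;
            esac
            bad=$((bad + 1))
        elif ! grep -q '^[^:][^:]*:\$2[aby]\$' "$full"; then
            # Assumption: entries were created with htpasswd(1), which uses bcrypt.
            echo "FAIL $p: no user:bcrypt-hash entry found"
            bad=$((bad + 1))
        else
            echo "OK   $p -> $full"
        fi
    done <<EOF
$paths
EOF
    return "$bad"
}

# Constructed sample: a throwaway "chroot" with one htpasswd file and two
# configs, one using a chroot-relative path and one using the host path.
demo() {
    d=$(mktemp -d); mkdir "$d/www"
    printf 'alice:$2b$10$%s\n' "CONSTRUCTEDHASHCONSTRUCTEDHASHCONSTRUCTEDHASHCONSTRUC" > "$d/www/users.htpasswd"
    printf 'location "/private/*" {\n  authenticate "realm" with "%s"\n}\n' "/users.htpasswd" > "$d/ok.conf"
    printf 'location "/private/*" {\n  authenticate "realm" with "%s"\n}\n' "$d/www/users.htpasswd" > "$d/bad.conf"
    check_auth_paths "$d/ok.conf" "$d/www"
    check_auth_paths "$d/bad.conf" "$d/www"
    rm -rf "$d"
}
demo
```

On the server itself the call would be `check_auth_paths /etc/httpd.conf /var/www`; the file must additionally be readable by the `www` user, which the script does not test.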