Security: User login via .htaccess + Web to lead

We would like to add a second layer of security , by adding a user autentification via apache .htaccess.
And that s what we did !
BUT then the suite crm Webtolead doesn t work anymore for guest users contacting us through our website form.

In a nutshell, how can I protect my CRM from the web and still have a webtolead that works ?

Today we have the webtolead url something like

This means that I cannot restrict my folder and anyone on the web can view my login page for the CRM .
Especially since it can be followed by a web crawler …

The solution I propose :
Having webtolead in a separate folder, such as :

Here is the htaccess at the root of my suitecrm
AuthUserFile /home/folder/.htpasswd
AuthName “Please Enter User & PW”
AuthType Basic
require valid-user

To summerise we want to :

  1. Request login via .htaccess for :

  2. ALLOW access to anyone to