It would have made sense to use LocationMatch with a negative lookahead regex pattern like “^/(?!admin)” but that doesnt work. Neither work a rule like !”^/admin” so here is a workaround:
<Location "/"> AuthType Basic AuthName "Restricted Files" AuthUserFile /var/www/clients/client12/web17/passwd AuthGroupFile /dev/null Require valid-user SetEnvIf Request_URI "^/(admin|skin|js|index)(.*)$" allow SetEnvIf Request_URI "^/favicon.ico$" allow Order allow,deny Allow from env=allow Satisfy Any </Location>
This basically allow the access without authentication to the directories/files that start with admin, skin, js or index. The other rule allow the favicon too.