I use the front controller pattern and so all requests are routed through my index.php file. I'd like to secure the 'Admin' controller (accessible at mysite/admin/) with .htpasswd. Only problem is, 'admin' is not a directory but is just a mod_rewrite. Can this be done?
There is not only one way, I'm pretty sure. You can create access control with mod_rewrite and [F] on any criteria you would have defined. See for example Access control with mod_rewrite. That said you can perfectly do this.
<Location /admin>
[here your rules]
</Location>
The Require directive has for context directory which means that you can use it the context of
<Directory>, <Location>, <Files>, and <Proxy>
:)