One way would be to change the directory security settings for that directory. Turn off anonymous access and turn on Windows Integrated Authentication.

That will block access to anyone who doesn't have read permission to the files in that directory.

You can find the domain\username they are using $query->remote_user with CGI.pm;