It's pretty simple, use one of httpd's authentication mechanisms, and restrict access to the 'admin' group. See the apache manual for details. Https is recommended.