Theoretically you could use a subdomain (secure.example.com) with an identical reverse proxy. Put a blanket basic auth on this subdomain. Then declare a redirect on the main domain for secure methods like so:
redir 302 {
if {method} is "PUT"
if {method} is "DELETE"
if_op or
/ https://secure.example.com{uri}
}