Can you really deploy a Django application on Apache + mod_wsgi (the standard way) however with HTTP authentication while watching whole factor?

Essentially, I want an additional layer of HTTP security before any user, Django-authenticated or anonymous, is even in a position to achieve the application.

Is possible? If that's the case, where perform the Apache auth directives go?

Yes, it is possible.

With mod_wsgi on /, any assets to become supplied by apache have to be listed as aliases.

Auth directives and host limitations reside in Location directives.

So I have disabled any apache access limitations on such things as css, and provided host/ip based use of another directory.

<VirtualHost *:80>
        Servername              app.domain.example
        CustomLog               logs/access_log combined
        ErrorLog                logs/error_log
        DocumentRoot            "/home/app/apache/app/html"

        Alias /media/           /home/app/apache/app/html/media/

        <Location />
                Options None
                AuthType                Basic
                AuthName                "Login Prompt"
                AuthUserFile            /path/to/passwd.file
                Require                 valid-user

        <Location /media>
                Order allow,deny
                Allow from all
                Satisfy any

        WSGIDaemonProcess       app user=app group=app processes=5 threads=1 display-name=app_WSGI
        WSGIProcessGroup        app
        WSGIScriptAlias         /       /home/app/apache/app.wsgi

Sure, here's example in one site:

<VirtualHost *:80>

  DocumentRoot "/home/user/websites/djangoproject/website/"

  WSGIDaemonProcess djangoproject python-path=/home/user/.virtualenvs/djangoproject/lib/python2
.6/site-packages/ user=user group=user threads=1
  WSGIProcessGroup  djangoproject
  WSGIScriptAlias / /home/user/websites/djangoproject/website/django.wsgi

  <Directory "/home/user/websites/djangoproject/website/">
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "By Invitation Only"
    AuthUserFile /etc/apache2/passwords
    Require valid-user