I've got a central script 'web' within the cause of my website that handles everything. Within the .htaccess the next lines tell appache to deal with 'web' like a php file:

<Files web>
ForceType application/x-httpd-php 
</Files>

The script 'web' splits the REQUEST_URI in parts therefore it can create the right page: http://www.mysite.com/web/var1/var2/var3 calls 'web' and also the script receives var1, var2 and var3.

What i wish to do is safeguard a particular area of the site with .htaccess to ensure that http://www.mysite.com/web/login produces a login-screen. But there's no directory 'login' by which i'm able to place the .htaccess and .htpasswd.

Is this done?

you can also use Location:

<Location /path-that-doesnt-exist-in-the-filesystem>
    //your stuff here, for example AuthType Basic, etc...
</Location>