It is a hassle to have different configurations in development and production. Often it is required to protect the new webpage with user and password. Publishing that config on production on the other hand would be fatal.
With Apache 2.4 that is pretty easy done
<If "%{HTTP_HOST} == 'stage.example.com'">
AuthType basic
AuthName "private"
AuthUserFile /home/example/.htpasswd
Require valid-user
</If>