This is what was done to solve the problem. I am providing the two relevant location blocks.
# protect the "secure" folder ( /var/www/html/secure )
location /secure/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/protected/.htpasswd;
}
# This is required to protect individual files inside the directory
location ~ ^/secure/.*\.php$ {
auth_basic "Restricted Area";
auth_basic_user_file /var/www/protected/.htpasswd;
fastcgi_pass 127.0.0.1:9010;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}