diff -ur httpd-2.4.3.orig/include/http_config.h httpd-2.4.3/include/http_config.h
--- httpd-2.4.3.orig/include/http_config.h	2012-03-26 00:24:13.000000000 +0200
+++ httpd-2.4.3/include/http_config.h	2012-11-11 13:22:47.000000000 +0100
@@ -1322,6 +1322,15 @@
 AP_DECLARE_HOOK(void,optional_fn_retrieve,(void))
 
 /**
+ * Allow modules to perform a check immediately prior to opening htaccess.
+ * @param r The current request
+ * @param filename The htaccess file which will be processed
+ * @return HTTP status code to fail the operation, or DECLINED to let later
+ * modules decide
+ */
+AP_DECLARE_HOOK(int,pre_htaccess,(request_rec *r, const char *filename))
+
+/**
  * A generic pool cleanup that will reset a pointer to NULL. For use with
  * apr_pool_cleanup_register.
  * @param data The address of the pointer
diff -ur httpd-2.4.3.orig/server/config.c httpd-2.4.3/server/config.c
--- httpd-2.4.3.orig/server/config.c	2012-07-16 19:34:50.000000000 +0200
+++ httpd-2.4.3/server/config.c	2012-11-11 13:22:47.000000000 +0100
@@ -80,6 +80,7 @@
            APR_HOOK_LINK(quick_handler)
            APR_HOOK_LINK(optional_fn_retrieve)
            APR_HOOK_LINK(test_config)
+           APR_HOOK_LINK(pre_htaccess)
 )
 
 AP_IMPLEMENT_HOOK_RUN_ALL(int, header_parser,
@@ -171,6 +172,9 @@
 AP_IMPLEMENT_HOOK_RUN_FIRST(int, quick_handler, (request_rec *r, int lookup),
                             (r, lookup), DECLINED)
 
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, pre_htaccess, (request_rec *r, const char *filename),
+                            (r, filename), DECLINED)
+
 /* hooks with no args are implemented last, after disabling APR hook probes */
 #if defined(APR_HOOK_PROBES_ENABLED)
 #undef APR_HOOK_PROBES_ENABLED
@@ -2078,6 +2082,7 @@
     struct htaccess_result *new;
     ap_conf_vector_t *dc = NULL;
     apr_status_t status;
+    int rc;
 
     /* firstly, search cache */
     for (cache = r->htaccess; cache != NULL; cache = cache->next) {
@@ -2104,6 +2109,10 @@
          */
         filename = ap_make_full_path(r->pool, d,
                                      ap_getword_conf(r->pool, &access_name));
+        rc = ap_run_pre_htaccess(r, filename);
+        if (rc != DECLINED && rc != OK) {
+            return rc;
+        }
         status = ap_pcfg_openfile(&f, r->pool, filename);
 
         if (status == APR_SUCCESS) {