Purpose: Check path validity and user’s access rights.
Check auth-type, auth-user, and/or auth-group in rq->vars.
Return REQ_PROCEED if user and group is authorized for this area, ppath in rq->vars.
If not authorized, insert WWW-Authenticate to rq->srvhdrs with a value such as: Basic; Realm=\"Our private area\". Call protocol_status() to set HTTP response status to PROTOCOL_UNAUTHORIZED. Return REQ_ABORTED.