auth_request and nested locations

[djczaski]

Except for a few exceptions, I want to require authentication for an
entire site.  The safest place would be to put the auth_request
directive at the http level but there's no way to allow the
exceptions.  If I put the auth_request in locations I'll need to
repeat it multiple times and that seems less maintainable because the
chance of it getting missed when new services are added or changed. Is
there a decent way of structuring the config file for an auth portion
of a site and an un auth'd side?