You can have a htaccess.tpl and then process it using some templating toolkit of your choice, like Template-Toolkit. It is easier to mantain this way IMHO.

use strict;
use warnings;
use Template;

my $template = Template->new();

my $vars = {
    ips_to_block => [qw/10.10.10.1 10.10.11.1/],
};

my $output = '';
$template->process(\*DATA, $vars, \$output) or die $template->error();
print $output;
__DATA__
AuthUserFile /var/apache/htpasswd
AuthGroupFile /var/apache/htgroup
AuthName "My Realm"
AuthType Basic 

order allow,deny
allow from all
[% FOREACH ip_to_block = ips_to_block %]
deny from [% ip_to_block %]
[% END %]
[download]

Update:Removed <Limit> tags. Thanks merlyn!

<Limit GET POST>
[download]

Stop limiting the limits! Remove that line (and the closing line). Otherwise, your restrictions are not applying to the other half dozen methods that can used in that area.

It's probably not your fault. One of the early Apache docs showed <limit GET POST> and everyone picked up on it, but of course that was revised later, but by then everyone was cargo-culting the broken thing.

From the apache docs:

Access controls are normally effective for all access methods, and this is the usual desired behavior. In the general case, access control directives should not be placed within a <limit> section.

So, one of my many personal crusades is to remove this cargo cult by telling people: Don't limit your limits!.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.