1) I'm sure there are other ways, but that seas the simplest.
2) Before setting the htaccess rule, you will need to have a page you can access to set the cookie.
you wouldn't want this page accessable to anyone so it should use security assist to only allow access if your are logged in.
the work flow for you would be:
-go to the page that sets the cookie
-set the hataccess rule so that others will only see the maintenance page
-after you are done with maintenance, unset the htaccess rule
before the htaccess rule is set, the cookie page would be accessible to anyone unless you password protect it. after you remove the htaccess rule it would also be accessible unless you delete it (but you'll probably want to do site maintenance again, so would need to recreate it), or password protect it.