Recently I came along the need of having access to some intranet site based on IP or if the IP was outside the LAN apache should prompt for a username/password.
It took me some time to figure out, but this can be done by the satisfy
option. So I now have in my apache-config the next configuration:
<Directory "/usr/local/www/intranet">
 Options Indexes FollowSymlinks MultiViews
 AllowOverride None
 order deny,allow
 deny from all
 # Allow LAN Location A
 allow from 172.16.2.0/24
 # Allow LAN Location B
 allow from 172.16.3.0/24
 # Allow VPN-subnet
 allow from 172.16.250.0/24
 # Username/password request
 AuthType Basic
 AuthName "Example.Com Intranet"
 AuthUserFile /usr/local/etc/intranet/webusers.pwl
 require valid-user
 # Allow or require must be satisfied
 Satisfy any
</Directory>
And it is working well, if you're from outside the defined subnets... you need to enter your username/password.
