It is a common question I get from other developers or admins, they try to protect their website with a passwrod, but whitelist (allow passwordless acces) from certain IPs, to avoid the hassle when accessing from secure IPs.
Here is how to do it with Apache 2.4.x with a method that actually works.
First, you’ll need a classic block that will define the basic parameters for Apache, where to find the password files, etc:
AuthUserFile /some/path/.htpasswd AuthName "Please Log In..." AuthType Basic
Then just add a RequreAny block like this, to make all the requirements work:
<RequireAny> Require valid-user Require ip 18.104.22.168 Require ip .... </RequireAny>
This way, if any of the requrements are hit in the <RequreAny> block, the page will open.