A common question I get from other developers and admins: they want to protect a website with a password, but whitelist certain IPs (allow passwordless access) to avoid the hassle when connecting from secure IPs.
Here is how to do it with Apache 2.4.x with a method that actually works.
First, you’ll need a classic block that will define the basic parameters for Apache, where to find the password files, etc:
AuthUserFile /some/path/.htpasswd
AuthName "Please Log In..."
AuthType Basic
Then just add a RequireAny block like this, to make all the requirements work:
<RequireAny>
Require valid-user
Require ip 1.2.3.4
Require ip ....
</RequireAny>
This way, if any of the requirements in the <RequireAny> block is met, the page will open.
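The two pieces above assembled into one section, as an added example rather than configuration from the original post. The directory path and all addresses are placeholders (documentation ranges), and the CIDR and IPv6 lines show the other forms `Require ip` accepts.

```apache
# Added example: the path below and every address are placeholders.
# The same directives also work in a .htaccess file (without the
# <Directory> wrapper) when AllowOverride includes AuthConfig.
<Directory "/var/www/example">
    # Basic authentication parameters, as in the first block above
    AuthType Basic
    AuthName "Please Log In..."
    # Keep the password file outside the document root so it cannot be served
    AuthUserFile /some/path/.htpasswd

    # Access is granted as soon as ONE of these requirements is met
    <RequireAny>
        # Single trusted address: no password prompt
        Require ip 192.0.2.10
        # Whole network in CIDR notation
        Require ip 198.51.100.0/24
        # IPv6 prefix
        Require ip 2001:db8::/32
        # Everyone else has to authenticate
        Require valid-user
    </RequireAny>

    # Caveat: Require ip is checked against the client address Apache
    # sees on the connection. Behind a reverse proxy or load balancer
    # that is the proxy's address, so whitelisting it would let every
    # visitor in without a password unless mod_remoteip is configured
    # to restore the real client address.
</Directory>
```

After editing, `apachectl configtest` checks the syntax before a reload; a request from a non-listed address should then get a 401 response, and one from a listed address a 200.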