For example, let's say you want to require no authentication for internal access, but a password for external access.
Access from inside the company can be controlled by the global IP address.
If a password is required, basic authentication can be used. For security purposes, the connection should be an HTTPS connection.
If you are using virtual hosts, put this in the directive for each virtual host.
If you are using a reverse proxy, put it in the Proxy directive. You can remove the original access restriction settings.
<RequireAny> # IP Authentication Require ip 192.168.10.10 # Basic authentication AuthType Basic AuthName "Secret Zone" AuthUserFile /var/www/.htpasswd Require valid-user </RequireAny>
RequireAny will result in successful authentication if any of the following succeeds: IP authentication succeeds, or Basic authentication succeeds.