Use .htaccess to restrict external access to my Intranet

Question

I'm sure this is possible, but its beyond my meager abilities with .htaccess files.

We have an internal php app that we use, we have basic security internally, but dont need to worry too much. I would like to make it available online for use when staff are out and about. I would like to have additional security based on htaccess or htpassword files.

Is it possible to write a htaccess file that does the following

• If user is accessing from office.mydomain.com it means they are internal (office.mydomain.com resolves to an internal ip like 192.168.22.22) so allow unimpeded access
• If the user is accessing from outside it will be external.myoffice.com - if this is the case as an added bit of security I would like to use .htaccess and a password file to get the user to enter an apache password.

Can anyone tell me how to write this with .htaccess file?

Update: Thanks for all the answers, I have posted what worked for me as an answer to help others.

Answer 1

I think this does do what you want; http://codesanity.net/2009/11/conditional-htpasswd-multienvironment-setups/ http://tomschlick.com/2009/11/08/conditional-htpasswd-multi-environments/

https://tomschlick.com/2009/11/08/conditional-htpasswd-multi-environments

Correct address for the resource as of 2022/01/15. https://tomschlick.com/conditional-htpasswd-multi-environments/