I needed to password protect a page, but only if it was not being requested from a trusted ip address. I was not sure apache could do this, but lo and behold, a magical Satisfy directive.

.htaccess file

Satisfy Any

AuthName "Password protected area"
AuthType Basic
AuthUserFile /home/joeshmoe/.htpasswd
require valid-user


Order Deny,Allow
Deny from all
Allow from 10.1.1.79