Apache .htaccess files and Allowing from IP Address

Apache documentation on .htaccess
Apache documentation on auth.html

to create a new password file:

# htpasswd -c /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

to append to existing password file:

# htpasswd /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

To allow access to just specific directories, block access the the root level. The .htacess file in the document root should look like this:

# Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from localhost
Allow from 192.168.1.0/24

Then create an .htaccess file in whatever directories you want to allow access to:

Allow from all

Other .htaccess tricks

Use password protection but allow from IP address

Example:

AuthUserFile /path/to/.htpasswd
AuthName "Restricted Access"
AuthType Basic
require user [username]
satisfy any
deny from all
allow from 192.168.1.
allow from 10.1.1.45
allow from 172.16.5.106