I have a site on our Intranet that is currently wide open. We need to add password controls to it so we can allow some people to see certain sub-directories of the site, but not everything. The catch is, we'd like to bypass the password security if the incoming connection is from a particular IP range.
So what I'm wondering is if Apache 2.0.x allows this sort of "combo authorization" model. Ideally, it should check the incoming IP address first. If it is "allowed" then the user can connect without a password. If it isn't in the allowed IP range, it performs a password check.
Any thoughts? Does Apache 2.2.x support this?