I have a site which has has an admin area located at www.domian.com/admin
and an api area located at www.domain.com/api.
I need to lock down the whole site by ip address except urls starting with /api.
The site is hosted on an apache server and I am using the CakePHP framework which I believe uses mod_rewrite to manage its urls. i.e. there is no physical /api directory.
Is there a way to set up IP Blocking with .htaccess or in the httpd.conf to work for this setup?