Info
This post worked for me and for my situation. I found very little documentation on it, so I wrote my own code. If this does not work for you, my sincerest apologies; there are 1000s of other tutorials out there that may help you out a bit more.
WARNING
This solution works best for those with an internal and an external web server; if you do not have an internal server, the final solution will not function. The final result is not 100% secure, as it is vulnerable to referer spoofing; the first two options are vulnerable to IP spoofing. This solution is meant as a deterrent and is not ultimately secure.
Being a server administrator, I am no stranger to the “.htaccess” file. In fact, most web administrators/masters should know what this file does. Today’s issue, however, is not something an administrator would normally come across; in fact, I found NO documentation on this particular solution and had to come up with it on my own, using a few different resources on the net.

Problem:

At work my department had an internal site which was accessible only from a certain IP address.  So having the following works great:

[code]AuthType Basic
AuthName "Internal Portal"
AuthUserFile "/var/www/internal/.htpasswd"
require valid-user
Order Deny,Allow
Deny from all
Allow from 192.168.1.100
Satisfy Any[/code]

However, our firewall settings prevented the functionality I needed (the sites are on our gateway, which does not allow traffic to itself via the outside world, so some WordPress features just wouldn’t work), so I decided to put our site on our regular cPanel server. Since it is no longer on the inside, the above code will not work, as the internal IPs are not forwarded out. Now, if you are in a private business environment (no one from the public uses your systems) and you want everyone from ONLY your office to have access, while everyone else gets the authentication window (for access from home by authorized users), then you could use the following:

[code]AuthType Basic
AuthName "Internal Portal"
AuthUserFile "/home/username/.htpasswds/public_html/directory/passwd"
require valid-user
Order Deny,Allow
Deny from all
Allow from [your external IP goes here]
Satisfy Any[/code]

Now in my situation things get a bit more tricky: since all systems, including our publicly accessed computer centre, are on the same public IP, this would block users from home, but it would not stop the public using our computer centre from accessing the site.

In order to make it as secure as possible, I need a way of making it recognize only a few machines internally. This can be done, but it needs two .htaccess files, one internal and one external.

Solution

I will explain in words first. I keep the internal .htaccess file I mentioned above, allowing all the IPs I need to have access, but I move it to the root of the web server (this adds more security). This makes sure that only the systems I want to have access are granted access to the file that will get me on the web server.

In the root folder where I placed the internal .htaccess, I create a new folder and create an index.html file that has the refresh header code set to the site on the external server. For instance, say my internal server is 192.168.1.1, which is where I put my .htaccess file. I would put the forwarder into a subfolder with a name someone could remember, e.g. portal. In my case it's a lot easier than that, as the computers that will have access have shortcuts on the desktop, so users don’t have to memorize it, which means I can have the added security of a random, easily forgettable folder name. The reason for this is to prevent spoofing: someone may realize it's an internal IP referral, but they would have to guess the internal folder name as well, which makes it that much harder for an unauthorized person to gain access.

Now on the server, in the directory I wish to keep private, the .htaccess file only allows access to those who come from 192.168.1.1/portal. This works because the internal server sends out the referral as its internal IP and not the external, unlike a client system, which sends out its public IP. I also have to add my external website as a referer so that when I change pages it allows me to; otherwise it will block you, as you are not coming from 192.168.1.1/portal.

Here are the two files:

Internal Server:

[code]AuthType Basic
AuthName "Internal Portal"
AuthUserFile "/var/www/.htpasswd"
require valid-user
Order Deny,Allow
Deny from all
Allow from 192.168.1.100
Allow from 192.168.1.101
Allow from 192.168.1.102
Satisfy Any
[/code]

On the External server:

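[code]# Dots are escaped so they match only a literal "."
SetEnvIf Referer "^http://192\.168\.1\.1/portal/" noauth=1
# (/|$) ends the host name, so longer host names starting with it do not match
SetEnvIf Referer "^http://external\.site\.com(/|$)" noauth=1
AuthType Basic
AuthName "Internal Portal"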
AuthUserFile "/home/username/.htpasswds/public_html/directory/passwd"
require valid-user
Order Deny,Allow
Deny from all
Allow from env=noauth
Satisfy Any[/code]
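The following is an added example, not part of the original post: a small Python check that shows which Referer values a `SetEnvIf Referer` rule accepts, comparing a loosely written pattern (unescaped dots, nothing after the host name) with a strict one. The `LOOSE`/`STRICT` names, the sample Referer values and the `example.net` host are constructed for illustration; the matching follows SetEnvIf's behaviour of an unanchored, case-sensitive regex search, with a missing header treated as an empty string.

```python
import re

# Constructed .htaccess fragments: a loose and a strict form of the same rules.
LOOSE = '''
SetEnvIf Referer "^http://192.168.1.1/portal/" noauth=1
SetEnvIf Referer "^http://external.site.com" noauth=1
'''
STRICT = r'''
SetEnvIf Referer "^http://192\.168\.1\.1/portal/" noauth=1
SetEnvIf Referer "^http://external\.site\.com(/|$)" noauth=1
'''

RULE = re.compile(r'^\s*SetEnvIf\s+Referer\s+"([^"]*)"\s+noauth=1\s*$', re.M)

def referer_patterns(htaccess):
    """Return the compiled Referer regexes that set noauth."""
    return [re.compile(p) for p in RULE.findall(htaccess)]

def sets_noauth(htaccess, referer):
    """True if a request with this Referer would skip the password prompt.

    A missing header (None) is matched as an empty string.
    """
    value = referer or ""
    return any(p.search(value) for p in referer_patterns(htaccess))

# Constructed Referer values worth testing against your own rules.
SAMPLES = [
    "http://192.168.1.1/portal/index.html",   # internal forwarder page
    "http://external.site.com/wp-admin/",     # navigation inside the site
    None,                                     # browser sent no Referer
    "http://external.site.com.example.net/",  # longer host with same prefix
    "http://192x168y1z1/portal/",             # "." matching any character
]

def audit(htaccess):
    """Map each sample Referer to whether it bypasses the login prompt."""
    return {str(r): sets_noauth(htaccess, r) for r in SAMPLES}

if __name__ == "__main__":
    for name, conf in (("loose", LOOSE), ("strict", STRICT)):
        print(name)
        for referer, ok in audit(conf).items():
            print(f"  {'skip auth' if ok else 'prompt   '}  {referer}")
```

Even the strict form only checks a header the client chooses to send, so it remains the deterrent described in the warning at the top rather than an access control.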

Note: on the external ones, generate your .htaccess file via the cPanel Password Protect Directories manager; it makes life a lot simpler. For the internal ones, just use any .htpasswd generator on the web and enter it manually.

UPDATES

UPDATE - April 4, 2014 - Noonish
I just noticed this works awesome in Chrome, as Chrome sends the referring link in the headers; however, by default Firefox and Internet Explorer don’t send this info on… which of course results in the user being presented with the login popup… working on a fix.
UPDATE - April 4, 2014 - 3:00pm
The issue was with the forwarding .html document on the local server. It seems Firefox and Internet Explorer do not send the Referer header when using the <meta http-equiv="refresh"> tag. A way around this, which should work in all browsers, is to use JavaScript.