I have a similar setup. Select hosts are permitted access without login / pass, while all others need to authenticate. My .htaccess file reads as:
Code:
order Allow,Deny
Allow from 127.0.0.1
Allow from 1.2.3.4
Allow from 5.6.7.8
AuthType Basic
AuthUserFile /home/user/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Site"
require valid-user
Satisfy any