Have you considered a router with a VPN tunnel instead? They are quite inexpensive and by far a much better solution.

If the better VPN router solution isn't feasible, see mod_access "Order Deny, Allow" and "Allow from <IP address range>", and the Apache core "Require" and "Satisfy Any" directives. Using these four pieces, it is possible to construct a situation where users from particular IP address ranges are allowed to access the site directly, while users outside those ranges must use HTTP Authentication/Authorization to log in.

There is a decent "app note" on authentication and authorization on the apache.org Web site.

Jim

Thx for your help guys, very much appreciated.

Minutes after sending my post I found a relatively deep explanation under httpd.apache.org/docs/1.3/howto/auth.html

However, I did not really succeed, yet.

I think I successfully created a user file with htdigest.
Access is also blocked from outside,whereas intranet works fine.

But if I try to add lines allowing a password-protected request from external IPs, something goes wrong.
This is my syntax for the <directory>-options, which doeas not work (the apache server refuses to start at all):

<Directory "C:/pathto/htdocs">
AuthType Digest
AuthName "myrealm"
AuthDigestFile /bin/digest
Require user root
Order deny,allow
Deny from all
Allow from 192.168
</Directory>

What's wrong with this?

@coopster: I will think about the VPN-tunnel-idea but for the time being I'd just like to refine my understanding of the way apache works.

You missed the "Satisfy" directive that I cited above. It's the key to allowing the IP address range to override the login requirement...

See the "Satisfy" directive in Apache core docs.

Jim