Yes you are correct. I have an intranet that users can view a "intranet" website. So what I am attempting to do is state if the request comes from anything other than the 10.0.0.0/8 network then use the .htpasswd file to request authentication or a login page whatever is easier.
Oh, I see. In 2.2 "Require" is only a directive. In 2.4 it's also an envelope, with "RequireAll" and "RequireAny" options. And it's all shifted from core to a named mod. At this point it's probably safe to assume 2.2 though.