use mod_rewrite to test the requesting IP with a RewriteCond and internally rewrite to the alternate path with a RewriteRule.

it would be an understatement to say that some of the people in the webmasterworld forums make me feel very humble and out of my league. So often I feel like a "wanna be" here :-)
Anyway... here is the coding I have come up with, (found here on WebmasterWorld and modified really). It is not working for me though.
This is what I have in my htaccess file
Am I close, or beyond help?
What I really want to do is have every request for each one of four pages go to a different page based on if the visitor is coming from one of 5 different IP's.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^12\.34\.56\.78$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.34\.56\.78$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.34\.56\.78$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.34\.56\.78$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.34\.56\.78$
RewriteRule ^(.*)$ [http://www.mysite.com/differentpage.html] [L]

Close, but you don't want those braces in the URL for the rule, try it without the [ ]:
RewriteRule ^(.*)$ http://www.example.com/differentpage.html [L]

BTW, that will default to a 302 (Temporary) without [R=301,L] where you have the [L]

BTW, that will default to a 302 (Temporary) without [R=301,L] where you have the [L]

Providing the destination URL is on the current host, which seems to be implied, then this will result in an internal rewrite, not a redirect at all - which I assume is the intention. (In the case of an absolute URL, the scheme and hostname are stripped from the substitution if they match the current host and it's then treated as a URL-path.)

Also, no need for a capturing parenthesised sub-pattern if you are not doing anything with it.

^(.*)$

Could be written:
.*

Providing the destination URL is on the current host, which seems to be implied, then this will result in an internal rewrite, not a redirect at all

Nope, it's always a redirect, unless behavior has changed between Apache versions.

If the target includes protocol-plus-host-- whether "correct" (with/without www) or not --the rule will lead to an external redirect, whether or not the [R] flag is present. Absence of [R=301] will, of course, default to 302 as seen in logs.

I didn't study Apache docs; I just experimented on my test site.

Corollary head-scratcher: Thanks to combination of (a) randomly chosen word "widget" in pattern of test rule and (b) file named "widget.php" used as SSI in one directory, I discovered that handling of SSIs when this rule is in effect does vary according to whether R flag is present or absent. Essentially it behaves as if [R] implies [NS]. I do not pretend to understand this.

Nope, it's always a redirect ... I didn't study Apache docs; I just experimented on my test site.

Well, g-whizz - thanks for the correction! That'll teach me for reading the Apache docs [httpd.apache.org] (and not actually testing it)! But in that case, why are the Apache docs written so...

If an absolute URL is specified, mod_rewrite checks to see whether the hostname matches the current host. If it does, the scheme and hostname are stripped out and the resulting path is treated as a URL-path. Otherwise, an external redirect is performed for the given URL. To force an external redirect back to the current host, see the [R] flag below.

If it always results in an external redirect then that last bit is wrong, or at best extremely misleading?! This is as written in the 2.2 and 2.4 Apache docs. In fact, the Apache 2.0 docs [httpd.apache.org] are more clear...

Remember: An unconditional external redirect to your own server will not work with the prefix

http://thishost

because of this feature. To achieve such a self-redirect, you have to use the R-flag

Is this behaviour different in a server config / virtual host context perhaps? Or what does this mean?!

The mention of CPanel in the OP leads me to think of a shared hosting environment. I believe that the %{REMOTE_HOST is considered as a server variable and that is why it handles differently from internal variables such as %{THE_REQUEST

I know nothing, but that is the only kind of reason I can see why it might not follow general behavior(?)
_{Sorry it would take days to peel it all apart and put it into more betterier terms..}

Meanwhile, on the original question...

Why is cloaking the right approach? Can't you just give 'em the 403 they appear to deserve?

more betterier terms

Sounds good to me :)

What I really want to do is have every request for each one of four pages go to a different page based on if the visitor is coming from one of 5 different IP's.

what is still not clear to me is if you want to cloak these responses (internally rewrite the requests to different content for the requested url) or redirect these requests (the browser requests a new url provided in your response)