probably, apache is VERY powerful but that is outside my knowledge. better to ask in some apache forum
Sure, i think your suggestion implementation apache authentication is good, more safe.
But for final user is strange, use entry user / password twice ... or need another user / password
For new server ( IP ), is acceptable, I think
I will search about this.
Thanks
Solve:
Allow from IP
Require valid-user
Satisfy Any