You can use the Apache “Satisfy” directive.
Here is an example of using it :
AuthType Basic AuthName "Please Log In" AuthUserFile /some/path/.htpasswd Require valid-user Order deny,allow Deny from all Allow from 127.0.0.1 Satisfy any
Access without password is only allowed from 127.0.0.1.
Hope this helps.