Apache 2.4 and authentication from specific domain names and IP addresses only
I upgraded Apache from 2.2.31 to 2.4.18 on one of my servers. For one particular directory and its subtree, I needed authentication from specific domain names and IP addresses only. If the request doesn’t come from one of the whitelisted domain names or IP addresses, then Apache shouldn’t bother asking the user for authentication, but flat out refuse any service, aka “403 Forbidden”. Programmers refer to this as a short-circuit logical AND. Have a look at the C-style logical AND, and the keyword andalso in Erlang.
My first try was:
    <RequireAll>
        <RequireAny>
            Require local
            Require host .example.net
            Require ip 192.0.2.0/24
            Require ip 2001:db8:dead:cafe::/64
        </RequireAny>
        Require valid-user
    </RequireAll>
This didn’t work as expected. I wanted something like:
    if ((local_access()
         || domain_name(".example.net")
         || ip4_address("192.0.2.0/24")
         || ip6_address("2001:db8:dead:cafe::/64"))
        && valid_user()) {
        grant_access(); // 200 OK
    } else {
        deny_access(); // 403 Forbidden
    }
After much trial and error, I arrived at:
    <RequireAll>
        <RequireAll>
            <RequireAny>
                Require local
                Require host .example.net
                Require ip 192.0.2.0/24
                Require ip 2001:db8:dead:cafe::/64
            </RequireAny>
        </RequireAll>
        Require valid-user
    </RequireAll>
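The intended policy can be written down as a small oracle that gives the status each kind of client should receive, which is useful as an acceptance checklist when testing a configuration like the one above. This is an added example, not code from the original post and not Apache's evaluation logic; the function names and the client addresses in the test matrix are constructed, and returning 401 for an allowed client without credentials is an assumption drawn from the requirement that only non-whitelisted clients are refused without a prompt.

```python
import ipaddress

# Networks and domain taken from the Require lines on this page.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8:dead:cafe::/64")]
ALLOWED_DOMAIN = ".example.net"


def network_allowed(client_ip, client_host=None, server_ip=None):
    """Model of the <RequireAny> block: any one of local, host, ip."""
    ip = ipaddress.ip_address(client_ip)
    # Require local: loopback, or client and server address are the same.
    if ip.is_loopback:
        return True
    if server_ip is not None and ip == ipaddress.ip_address(server_ip):
        return True
    # Require host .example.net: case-insensitive suffix match on the
    # client's resolved name (the DNS lookup is outside this model).
    if client_host and client_host.lower().endswith(ALLOWED_DOMAIN):
        return True
    # Require ip: membership in one of the listed networks.
    return any(ip in net for net in ALLOWED_NETS)


def expected_status(client_ip, client_host, has_valid_user, server_ip=None):
    """Network check first; credentials matter only if it passes."""
    if not network_allowed(client_ip, client_host, server_ip):
        return 403  # refused outright, no authentication prompt
    if not has_valid_user:
        return 401  # assumption: allowed network, credentials still needed
    return 200


# Constructed test matrix: (client_ip, client_host, has_valid_user).
CASES = [
    ("192.0.2.17", None, True),
    ("192.0.2.17", None, False),
    ("2001:db8:dead:cafe::1", None, False),
    ("2001:db8:dead:beef::1", None, True),
    ("198.51.100.5", "gw.example.net", True),
    ("198.51.100.5", "evilexample.net", True),
    ("198.51.100.5", None, False),
    ("127.0.0.1", None, True),
]


def run_matrix():
    return [expected_status(*case) for case in CASES]
```

Each row of the matrix corresponds to one request worth sending at the real server, comparing the returned status with the oracle's value.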