diff --git a/templates/vhost.conf b/templates/vhost.conf
index 942478731eba2dd4b88c5e403dc45a1f00979abc..abf74a0715d1ea9380e93877616c71ce7a9682a2 100644
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -89,22 +89,30 @@
 {% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
     AuthType {{ drupal_domain.apache_auth.type }}
     AuthName "{{ drupal_domain.apache_auth.name }}"
-{% if drupal_domain.apache_auth.passwdfile is defined %}
-    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.passwdfile }}
-{% else %}
     AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}
+{% if drupal_domain.apache_auth.ips is defined %}
+{% for ip in drupal_domain.apache_auth.ips %}
+    SetEnvIF X-Forwarded-For ^{{ ip|regex_escape() }}$ AllowIP
+{% endfor %}
 {% endif %}
-{% if drupal_domain.apache_auth.manual_auth is defined %}
-    {{ drupal_domain.apache_auth.manual_auth }}
-{% else %}
-{% if drupal_domain.apache_auth.extra_users is defined %}
+{% if drupal_domain.apache_auth.extra_users is defined or drupal_domain.apache_auth.ips is defined %}
     <RequireAny>
+{% if drupal_domain.apache_auth.extra_users is defined %}
 {% for user in drupal_domain.apache_auth.extra_users %}
       <RequireAll>
+{% if user.expression is defined %}
         Require expr "{{ user.expression }}"
+{% endif %}
         Require user {{ user.user }}
       </RequireAll>
 {% endfor %}
+{% endif %}
+{% if drupal_domain.apache_auth.ips is defined %}
+      Require env AllowIP
+{% for ip in drupal_domain.apache_auth.ips %}
+      Require ip {{ ip }}
+{% endfor %}
+{% endif %}
       <RequireAll>
         Require {% if drupal_domain.apache_auth.password is defined %}user {{ drupal_domain.apache_auth.user }}{% else %}all granted{% endif %}
 
@@ -113,7 +121,6 @@
 {% else %}
     Require user {{ drupal_domain.apache_auth.user }}
 {% endif %}
-{% endif %}
 {% else %}
 {% if apache_version|default('2.4') == '2.2' %}
     Order allow,deny