diff --git a/http_basic_auth/drush/Provision/Service/http/basic/auth.php b/http_basic_auth/drush/Provision/Service/http/basic/auth.php
index cd4455c..e41cf18 100644
--- a/http_basic_auth/drush/Provision/Service/http/basic/auth.php
+++ b/http_basic_auth/drush/Provision/Service/http/basic/auth.php
@@ -13,6 +13,7 @@ class Provision_Service_http_basic_auth extends Provision_Service {
     $context->setProperty('http_basic_auth_username');
     $context->setProperty('http_basic_auth_password');
     $context->setProperty('http_basic_auth_message');
+    $context->setProperty('http_basic_auth_whitelist');
   }
 }
 
diff --git a/http_basic_auth/drush/http_basic_auth.drush.inc b/http_basic_auth/drush/http_basic_auth.drush.inc
index 0ee555c..33f8dee 100644
--- a/http_basic_auth/drush/http_basic_auth.drush.inc
+++ b/http_basic_auth/drush/http_basic_auth.drush.inc
@@ -83,7 +83,17 @@ function http_basic_auth_provision_apache_vhost_config($uri, $data) {
 
     $lines[] = "    AuthUserFile $path";
     $lines[] = "    Require valid-user";
-    $lines[] = "    Satisfy All";
+
+    if (!empty(d()->http_basic_auth_whitelist)) {
+
+      $lines[] = "    Order deny,allow";
+      $lines[] = "    Deny from all";
+      $lines[] = "    Allow from " . d()->http_basic_auth_whitelist;
+      $lines[] = "    Satisfy Any";
+    }
+    else {
+      $lines[] = "    Satisfy All";
+    }
     $lines[] = "  </Directory>";
     $lines[] = "";
   }
diff --git a/http_basic_auth/hosting_http_basic_auth.drush.inc b/http_basic_auth/hosting_http_basic_auth.drush.inc
index d5d446c..8c80168 100644
--- a/http_basic_auth/hosting_http_basic_auth.drush.inc
+++ b/http_basic_auth/hosting_http_basic_auth.drush.inc
@@ -8,11 +8,13 @@ function hosting_http_basic_auth_hosting_site_context_options(&$task) {
     $task->context_options['http_basic_auth_username'] = $task->ref->http_basic_auth_username;
     $task->context_options['http_basic_auth_password'] = $task->ref->http_basic_auth_password;
     $task->context_options['http_basic_auth_message'] = $task->ref->http_basic_auth_message;
+    $task->context_options['http_basic_auth_whitelist'] = $task->ref->http_basic_auth_whitelist;
   }
   else {
     $task->context_options['http_basic_auth_username'] = 'null';
     $task->context_options['http_basic_auth_password'] = 'null';
     $task->context_options['http_basic_auth_message'] = 'null';
+    $task->context_options['http_basic_auth_whitelist'] = 'null';
   }
 }
 
@@ -25,6 +27,7 @@ function hosting_http_basic_auth_drush_context_import($context, &$node) {
       $node->http_basic_auth_username = $context->http_basic_auth_username;
       $node->http_basic_auth_password = $context->http_basic_auth_password;
       $node->http_basic_auth_message = $context->http_basic_auth_message;
+      $node->http_basic_auth_whitelist = $context->http_basic_auth_whitelist;
     }
   }
 
diff --git a/http_basic_auth/hosting_http_basic_auth.install b/http_basic_auth/hosting_http_basic_auth.install
index c2a55e4..4c5a487 100644
--- a/http_basic_auth/hosting_http_basic_auth.install
+++ b/http_basic_auth/hosting_http_basic_auth.install
@@ -33,6 +33,11 @@ function hosting_http_basic_auth_schema() {
         'length' => 128,
         'not null' => TRUE,
       ),
+      'whitelist' => array(
+        'type' => 'varchar',
+        'length' => 255,
+        'not null' => TRUE,
+      ),
       'message' => array(
         'type' => 'text',
         'not null' => TRUE,
@@ -63,3 +68,18 @@ function hosting_http_basic_auth_update_6100() {
 
   return $ret;
 }
+
+/**
+ * Add the whitelist field to the table.
+ */
+function hosting_http_basic_auth_update_7300() {
+  $ret = array();
+
+  $field['whitelist'] = array(
+    'type' => 'varchar',
+    'length' => 255,
+    'not null' => TRUE,
+  );
+
+  db_add_field('hosting_http_basic_auth', 'whitelist', $field['whitelist']);
+}
diff --git a/http_basic_auth/hosting_http_basic_auth.module b/http_basic_auth/hosting_http_basic_auth.module
index b889cff..139358b 100644
--- a/http_basic_auth/hosting_http_basic_auth.module
+++ b/http_basic_auth/hosting_http_basic_auth.module
@@ -25,11 +25,23 @@ function hosting_http_basic_auth_form_alter(&$form, $form_state, $form_id) {
       '#default_value' => isset($form['#node']->http_basic_auth_password) ? $form['#node']->http_basic_auth_password : '',
       '#weight' => 1,
     );
+    $platform = node_load($form['#node']->platform);
+    $web_server = node_load($platform->web_server);
+    if (in_array($web_server->services['http']->type, ['apache', 'https_apache', 'apache_ssl'])) {
+      $form['http_basic_auth']['http_basic_auth_whitelist'] = array(
+        '#type' => 'textfield',
+        '#title' => t('IP whitelist'),
+        '#default_value' => isset($form['#node']->http_basic_auth_whitelist) ? $form['#node']->http_basic_auth_whitelist : '',
+        '#description' => t('Space separated list of IP addresses. Have a look at the !link for more options.',
+          array('!link' => l('examples from apache', 'https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#allow'))),
+        '#weight' => 2,
+      );
+    }
     $form['http_basic_auth']['http_basic_auth_message'] = array(
       '#type' => 'textfield',
       '#title' => t('Message'),
       '#default_value' => isset($form['#node']->http_basic_auth_message) ? $form['#node']->http_basic_auth_message : t('Restricted access'),
-      '#weight' => 2,
+      '#weight' => 3,
     );
     return $form;
   }
@@ -47,6 +59,7 @@ function hosting_http_basic_auth_update($node) {
       'username' => $node->http_basic_auth_username,
       'password' => $node->http_basic_auth_password,
       'message' => $node->http_basic_auth_message,
+      'whitelist' => $node->http_basic_auth_whitelist,
     ))
     ->execute();
 }
@@ -72,6 +85,7 @@ function hosting_http_basic_auth_node_insert($node) {
       'username' => $node->http_basic_auth_username,
       'password' => $node->http_basic_auth_password,
       'message' => $node->http_basic_auth_message,
+      'whitelist' => $node->http_basic_auth_whitelist,
     ))
     ->execute();
   }
@@ -112,6 +126,9 @@ function hosting_http_basic_auth_node_validate($node) {
     if (!empty($node->http_basic_auth_username) && empty($node->http_basic_auth_password)) {
       form_set_error('http_basic_auth_password', t('You must specify a password for the HTTP basic authentication.'));
     }
+    if (!empty($node->http_basic_auth_whitelist) && !preg_match('/^[0-9a-z \.:]+$/i', $node->http_basic_auth_whitelist)) {
+      form_set_error('http_basic_auth_whitelist', t('The IP whitelist field contains illegal characters.'));
+    }
   }
 }
 
@@ -121,7 +138,7 @@ function hosting_http_basic_auth_node_validate($node) {
 function hosting_http_basic_auth_node_load($nodes, $types) {
   if (in_array('site', $types)) {
     foreach ($nodes as $nid => $node) {
-      $additions = db_query("SELECT username AS http_basic_auth_username, password AS http_basic_auth_password, message AS http_basic_auth_message FROM {hosting_http_basic_auth} WHERE vid = :vid", array(':vid' => $node->vid))->fetchAssoc();
+      $additions = db_query("SELECT username AS http_basic_auth_username, password AS http_basic_auth_password, message AS http_basic_auth_message, whitelist AS http_basic_auth_whitelist FROM {hosting_http_basic_auth} WHERE vid = :vid", array(':vid' => $node->vid))->fetchAssoc();
       if (!empty($additions)) {
         foreach ($additions as $key => $value) {
           $nodes[$nid]->$key = $value;
@@ -155,6 +172,12 @@ function hosting_http_basic_auth_feeds_node_processor_targets_alter(&$targets, $
       'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_message',
     );
 
+    $targets['http_basic_auth_whitelist'] = array(
+      'name' => t('HTTP Basic Auth - IP whitelist'),
+      'description' => t('IPs that are whitelisted from the basic authentication.'),
+      'callback' => 'hosting_http_basic_auth_set_target_http_basic_auth_simple',
+    );
+
   }
 }