I'm trying to configure my htaccess so that it asks everyone but users on my LAN for username/password.

The password part is working just fine, but I'm concerned that I have done something wrong/am missing something. When I'm accessing from "outside", it just allows access, without asking for password.

What am I doing wrong?

Order allow,deny
Allow from 10.0.0
Deny from all
AuthName "Login required"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
Satisfy any