A common (good) practice is to protect your staging/dev instances with a password. It can be annoying with old browsers that don’t store passwords.
To allow your office IP to connect without entering a password, just add the following lines to your virtualhost config:
AuthName "Protected" AuthUserFile /path/to/.htpasswd AuthType Basic Satisfy Any <Limit GET POST> Order Deny,Allow Deny from all Allow from 220.127.116.11 Allow from 18.104.22.168 Require valid-user </Limit>
- replace 22.214.171.124 with your IPs.
See also Apache HTTP Server Tutorial: .htaccess files