I thought you said in your original post that you wanted to deny access to people unless they were at the office? So in the htaccess file you would allow the office IP address/es and deny everything else.
Security and privacy
How to restrict users who are not using office's computer?
This discussion has been locked so you can no longer reply to it.