Use Require [ip|host|env] to specify who has access to your vhost or location.
<Directory "/docroot">
Require ip 10.10.11.12
</Directory>
When it comes to redirecting, think about a custom error page. This is much more general, because every unauthorized access should provoke a 403 error and thus can be evaluated easily.
I never did this with apache, but use this strategie with nginx. For apache something like this should do:
ErrorDocument 403 http://homepage.example.com
Custom error documents are configured using the ErrorDocument directive, which may be used in global, virtualhost, or directory context. It may be used in .htaccess files if AllowOverride is set to FileInfo. (from the apache docs)