I can see how this would be a useful property in a pinch, but personally it would make me rather uncomfortable.
First of all, IP white lists in general make less and less sense in a world of carrier grade NAT and mobile Internet. The position of a device or user on the network is fluid and not particularly meaningful. If you want to authenticate the user, authenticate the user.
Second, while an IP white list at the http level is fishy, an IP white list at the http level that is conditional on information in an http header (the Host: field) is a huge screaming red flag. I can think of a dozen ways for everything to go sideways.
Third, serving both internal and external traffic from the same httpd process/reverse proxy is a huge smell for your network architecture. The only hardware that gets to see both internal and external traffic should be your router, and it should have no business serving web applications.
I’m sure you have your reasons for doing things this way, as does OP, but I really urge you to take a good look and evaluate whether it’s worth it.