Your comments

I did think of applying the IP restrictions to the actual folders on the server, but since nobody actually accesses those files/folders directly, rather the file is served indirectly via PHP, I did not think this would work.

no I don't see that option, maybe this is an enterprise setting, I am only using the free version.

But it seems like it would still require a login, which is what I want to avoid. The allowed IP range should have direct access to the files.

The only workaround I can think of is that I run another install of FILERUN and restrict the entire app by IP.