I've a subdomain that I only want to be accessible internally; I'm trying to achieve this in Apache by editing the VirtualHost block for that domain. Can anybody see where I'm going wrong? Note, my internal IP address here are 192.168.10.xxx. My code is as follows:

<VirtualHost *:80>
  ServerName test.example.co.uk
  DocumentRoot /var/www/test
  ErrorLog /var/log/apache2/error_test_co_uk.log
  LogLevel warn
  CustomLog /var/log/apache2/access_test_co_uk.log combined
  <Directory /var/www/test>
    Order allow,deny
    Allow from 192.168.10.0/24
    Allow from 127
  </Directory>
</VirtualHost>

Thanks

You're missing the Deny from all line? Oh, and using the wrong order.

Quoting the mod_access docs:

[...] all hosts in the apache.org domain are allowed access; all other hosts are denied access.

Order Deny,Allow
Deny from all
Allow from apache.org

The problem is your allow line for the local network. Replace Allow from 192.168.10.0/24 with Allow from 192.168.10. (will allow 192.168.10.*).

For completeness, add a Deny from all line to make it clear that you're blocking everyone else.

I suppose the path inside Directory tag should be simply /

<VirtualHost *:80>
  ServerName test.example.co.uk
  DocumentRoot /var/www/test
  ErrorLog /var/log/apache2/error_test_co_uk.log
  LogLevel warn
  CustomLog /var/log/apache2/access_test_co_uk.log combined
  <Directory />
    Order allow,deny
    Allow from 192.168.10.0/24
    Allow from 127
  </Directory>
</VirtualHost>

and please don't forgot to restart apache