you will need to create a separate rule for each condition, then merge them by hand when you apply the access restriction to the page, for example:
<?php
if ((WA_Auth_RulePasses("Rule 1")) && (WA_Auth_RulePasses("Rule 2"))){
WA_Auth_RestrictAccess("login.php");
}
?>