Apache Authentication with Proxy

I've enjoyed leveraging Apache mod_rewrite and mod_proxy to leverage both the power of URL rewriting and the APJ proxy to proxy CFML requests to Railo running on Tomcat. I allow Apache to still handle requests for static assets (images, javascript, etc.). Today, I ran into a problem when I wanted to slap some basic authentication on a site. Requests handled entirely by Apache (static assets) were challenged for authentication, but CFML requests were proxied to Tomcat without requiring authentication. It makes perfect sense, as did the solution once I found it, but it just didn't occur to me at first.

First, here's a quick example of a basic virtual host that I'd use:

<VirtualHost *:80>
    ServerName mysite
    DocumentRoot /var/www/mysite/webroot/
    DirectoryIndex index.cfm

    <Proxy *>
        Allow from 127.0.0.1
    </Proxy>

    ProxyPreserveHost On
    ProxyPassReverse / ajp://mysite:8009/

    RewriteEngine On

    RewriteRule ^(.+\.cf[cm])(/.*)?$ ajp://%{HTTP_HOST}:8009$1$2 [P]
</VirtualHost>

After creating a password file using the htpasswd command, I thought I'd simply add the following inside my VirtualHost to provide basic authentication.

<Directory /var/www/mysite/webroot/>
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /usr/local/etc/apache/mysite.passwd
    Require user someusername
</Directory>

Unfortunately, as I mentioned, this only protected non-proxied requests. Fortunately, I found the tip for my solution relatively quickly at stackoverflow, here. I simply needed to apply the same authentication directives within the Proxy context.

Here's the revised virtual host with basic authentication for both static assets and those proxied to Tomcat:

<VirtualHost *:80>
    ServerName mysite
    DocumentRoot /var/www/mysite/webroot/
    DirectoryIndex index.cfm

    <Directory /var/www/mysite/webroot/>
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /usr/local/etc/apache/mysite.passwd
        Require user someusername
    </Directory>

    <Proxy *>
        Allow from 127.0.0.1
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /usr/local/etc/apache/mysite.passwd
        Require user someusername
    </Proxy>

    ProxyPreserveHost On
    ProxyPassReverse / ajp://mysite:8009/

    RewriteEngine On

    RewriteRule ^(.+\.cf[cm])(/.*)?$ ajp://%{HTTP_HOST}:8009$1$2 [P]
</VirtualHost>

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
BlogCFC was created by Raymond Camden. This blog is running version 5.9.2.002. Contact Blog Owner