Apache Authentication with Proxy

I've enjoyed leveraging Apache mod_rewrite and mod_proxy to leverage both the power of URL rewriting and the APJ proxy to proxy CFML requests to Railo running on Tomcat. I allow Apache to still handle requests for static assets (images, javascript, etc.). Today, I ran into a problem when I wanted to slap some basic authentication on a site. Requests handled entirely by Apache (static assets) were challenged for authentication, but CFML requests were proxied to Tomcat without requiring authentication. It makes perfect sense, as did the solution once I found it, but it just didn't occur to me at first.

First, here's a quick example of a basic virtual host that I'd use:

After creating a password file using the htpasswd command, I thought I'd simply add the following inside my VirtualHost to provide basic authentication.

Unfortunately, as I mentioned, this only protected non-proxied requests. Fortunately, I found the tip for my solution relatively quickly at stackoverflow, here. I simply needed to apply the same authentication directives within the Proxy context.

Here's the revised virtual host with basic authentication for both static assets and those proxied to Tomcat: