Apache: mod_proxy and basic http authentication

Filed under: TechNotes — lars @ 09:58:00 am

Reverse proxying, if you don't know, is an excellent way of exposing a web resource via another web/proxy server.  This allows you, for example, to expose many web applications on a secure network via one Apache instance that is accessible to the Internet.  This reverse proxy instance 'middle mans' requests to the other applications, which may be on other physical servers, whilst the end user is aware only that they are accessing this one Apache instance.  So http://internetweb.com/signup might proxy requests to a URL on your internal network like http://192.168.0.1/customerarea/signup.

Today I wanted to set up an instance of Apache to listen for https/ssl requests and reverse-proxy these to another web application (in this case, the excellent ajaxterm remote administration software, running on a different port on the same machine).  However, I wanted the user to authenticate via basic HTTP authentication before they were allowed access to this resource.

httpd.conf directives such as AuthType and AuthUserFile that enforce HTTP authentication normally live inside a <Directory> section.  This does not work for a reverse-proxy setup, as a directory on the filesystem never gets accessed, so these rules are never triggered.  So, today I learned about the existence of the Location directive, which matches on the URL path rather than the filesystem path, and have made the following additions to my httpd.conf:

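<VirtualHost _default_:443>
    # Require basic authentication for every URL under /ajaxterm
    <Location /ajaxterm>
        AuthType Basic
        AuthUserFile "/path/to/password/file/htpasswd"
        AuthName Limited!
        require valid-user
    </Location>

    # Reverse proxy only; never act as a forward proxy
    ProxyRequests Off
    # Apache 2.2-style access control for proxied requests
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # Map /ajaxterm/ to the ajaxterm instance on the same machine
    ProxyPass /ajaxterm/ http://localhost:8022/
    ProxyPassReverse /ajaxterm/ http://localhost:8022/
    ...
</VirtualHost>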

The above will cause me to be prompted for a username and password when I access https://servername/ajaxterm/ in my browser.  After authenticating successfully as one of the users specified in my htpasswd file, Apache will transparently provide me access to http://servername:8022/.
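The setup above only protects the proxied application if every ProxyPass URL path falls under a <Location> that requires authentication. The following is an added example, not part of the original post: a small Python check that applies Apache's <Location> prefix-matching rule to a config. The sample text is constructed from the post's directives plus a hypothetical /status/ mapping, and the function names are my own.

```python
import re

# Constructed sample: the post's directives plus a hypothetical /status/ mapping.
SAMPLE_CONF = """\
<Location /ajaxterm>
AuthType Basic
AuthUserFile "/path/to/password/file/htpasswd"
AuthName Limited!
require valid-user
</Location>
ProxyPass /ajaxterm/ http://localhost:8022/
ProxyPassReverse /ajaxterm/ http://localhost:8022/
ProxyPass /status/ http://localhost:8023/
"""

def location_covers(loc, path):
    """Apache prefix rule: /a covers /a and /a/...; /a/ covers only /a/..."""
    if loc.endswith("/"):
        return path.startswith(loc)
    return path == loc or path.startswith(loc + "/")

def parse(conf):
    """Return (Location paths that demand a login, top-level ProxyPass paths)."""
    protected, proxied, current, has_auth, has_require = [], [], None, False, False
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r'<Location\s+"?([^">\s]+)"?\s*>', line, re.I)
        if m:
            current, has_auth, has_require = m.group(1), False, False
        elif re.match(r"</Location>", line, re.I):
            if has_auth and has_require:
                protected.append(current)
            current = None
        elif current is not None:
            has_auth |= bool(re.match(r"AuthType\s+\S+", line, re.I))
            has_require |= bool(re.match(r"Require\s+(valid-user|user|group)\b", line, re.I))
        else:
            # \s+ after the name keeps ProxyPassReverse from matching here
            m = re.match(r'ProxyPass\s+"?(/[^"\s]*)"?\s+\S+', line, re.I)
            if m:
                proxied.append(m.group(1))
    return protected, proxied

def unprotected_proxy_paths(conf):
    """ProxyPass paths that no authenticated <Location> covers."""
    protected, proxied = parse(conf)
    return [p for p in proxied if not any(location_covers(l, p) for l in protected)]

if __name__ == "__main__":
    print(unprotected_proxy_paths(SAMPLE_CONF))
```

The check looks only at URL-path coverage inside one config text; it does not examine which network interface the backend on port 8022 listens on.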

Comments

  • Xibel
    Works like a charm! Thanks for this nice example.

    Comment by Xibel [Visitor] — 05/23/16 @ 23:23
