How can I password-protect applications behind mod_proxy in Apache?

apache tomcat passwords basic-authentication mod-proxy
Vihung picture Vihung · May 9, 2014 · Viewed 7.2k times · Source

I have a number of web applications running in a Tomcat instance.

They are fronted by an Apache instance, using mod_proxy.

Each web application is a silo in and of itself, each with its own user credential store and user authentication and authorisation. I want to continue using that.

However, I would like to apply simple password protection at the Apache level - maybe just a single known username/password using Basic Auth - before the requests are forwarded on to the Tomcat instance. Is this possible? and how can this be done?

Answer

arco444 picture arco444 · May 9, 2014

You can do this within the <Location> directive

Example:

ProxyPass /mytomcatapp http://localhost:8080/app1

<Location /mytomcatapp>
  AuthType Basic
  AuthName "Wrapper auth"
  AuthBasicProvider file
  AuthUserFile "/path/to/users.htpasswd"
  Require valid-user
</Location>

This will give you HTTP Basic Auth when hitting yoursite.com/mytomcatapp

Related questions

Difference between the Apache HTTP Server and Apache Tomcat?

What is the difference in terms of functionality between the Apache HTTP Server and Apache Tomcat? I know that Tomcat is written in Java and the HTTP Server is in C, but other than that I do not really know …

Read More
How to Detect cause of 503 Service Temporarily Unavailable error and handle it?

i am getting the error 503 Service Temporarily Unavailable many times in my application and i want to detect why this error occurs, how ? if there's a log file or something like that, since i am not familiar with apache. second …

Read More
Error during SSL Handshake with remote server

I have Apache2 (listening on 443) and a web app running on Tomcat7 (listening on 8443) on Ubuntu. I set apache2 as reverse proxy so that I access the web app through port 443 instead of 8443. Besides, I need to have SSL communication …

Read More