Question

I have a number of web applications running in a Tomcat instance.

They are fronted by an Apache instance, using mod_proxy.

Each web application is a silo in and of itself, each with its own user credential store and user authentication and authorisation. I want to continue using that.

However, I would like to apply simple password protection at the Apache level - maybe just a single known username/password using Basic Auth - before the requests are forwarded on to the Tomcat instance. Is this possible, and how can this be done?


Solution

You can do this within the <Location> directive.

Example:

ProxyPass /mytomcatapp http://localhost:8080/app1

<Location /mytomcatapp>
  AuthType Basic
  AuthName "Wrapper auth"
  AuthBasicProvider file
  AuthUserFile "/path/to/users.htpasswd"
  Require valid-user
</Location>

This will give you HTTP Basic Auth when hitting yoursite.com/mytomcatapp.
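An added example, not part of the original answer: the same wrapper auth placed in a TLS virtual host, with the Basic credential stripped before the request reaches Tomcat so the applications' own logins are unaffected. The certificate paths and the `ServerName` are placeholders, and it assumes the Tomcat applications use form or session logins rather than HTTP Basic themselves, with mod_ssl and mod_headers loaded.

```apache
# Added example. Create the password file outside the DocumentRoot, e.g.:
#   htpasswd -c -B /path/to/users.htpasswd someuser   (-B selects bcrypt)

<VirtualHost *:443>
    ServerName yoursite.com

    # Basic Auth sends the password base64-encoded, not encrypted,
    # so the wrapper is only meaningful over TLS.
    SSLEngine on
    SSLCertificateFile    "/path/to/cert.pem"      # placeholder
    SSLCertificateKeyFile "/path/to/key.pem"       # placeholder

    ProxyPass        /mytomcatapp http://localhost:8080/app1
    ProxyPassReverse /mytomcatapp http://localhost:8080/app1
    # Tomcat issues its session cookie for /app1; rewrite the path so the
    # browser returns it for /mytomcatapp and the app's own login keeps working.
    ProxyPassReverseCookiePath /app1 /mytomcatapp

    <Location /mytomcatapp>
        # Refuse plain-HTTP access even if this block is copied to a port-80 vhost.
        SSLRequireSSL

        AuthType Basic
        AuthName "Wrapper auth"
        AuthBasicProvider file
        AuthUserFile "/path/to/users.htpasswd"
        Require valid-user

        # Apache has already checked the credential by the time mod_headers
        # runs, so drop it here: the shared wrapper password is not forwarded
        # to Tomcat or written into application logs.
        RequestHeader unset Authorization
    </Location>
</VirtualHost>
```

Keep the Tomcat connector on port 8080 bound to localhost or firewalled, otherwise clients can bypass the wrapper by connecting to Tomcat directly.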

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow