So, I fixed this by adding a new CNAME for my internal server that my external facing server proxied directly to the internal server, in essence a proxied virtual host.
<virtualhost *:80>
ServerName internal.site.com
ProxyPass / http://192.168.1.102:80/
ProxyPassReverse / http://192.168.1.102:80/
<Proxy http://192.168.1.102:80/* >
Order allow,deny
Allow from All
Satisfy Any
</Proxy>
</virtualhost>
Then the internal server enforces digest authentication like in the question.