Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Apache httpd with SSL, Basic Auth and ProxyPass

Posted on 2009-04-06
2
2,829 Views
Last Modified: 2012-06-27
i have Apache httpd V2.2 to front Jboss and Jetty runing behind it.  Apache is in DMZ and Jboss / Jetty are in our secure Corp network.   I have it so that all of my ssl requrests get proxy'ed (via ssl virtualhosts) to jboss and Jetty and all that works just fine, but now i need to add some sort of authentication to apache so that the page on Jetty requires some simple authentication before they can be viewed.  We can use the same username / password for every one in the company so that only employees cansee the site.  Below is the snippet fromt he ssl.conf file.  the "AuthType Basic" doesn't seem to work with the "ProxyPass" int he config.  i'm sure there is a way around this issue.

<VirtualHost 192.168.10.77:443>
Servername dev.tcp.ABC.com:443
ErrorLog logs/dev_tcp_temp_ssl_error_log
TransferLog logs/dev_tcp_temp_ssl_access_log
LogLevel warn
SSLProxyEngine on
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/dev_tcp_temp.crt
SSLCertificateKeyFile /etc/pki/tls/private/dev_tcp_temp.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#        <Directory "/var/www/html/">
        <Directory "/">
            AuthType Basic
            AuthName "Restricted Directory"
            AuthBasicProvider file
            AuthUserFile /etc/httpd/conf.d/passwords
            Require user tptest
            Require valid-user
#            AuthAuthoritative on
        </Directory>

    RewriteEngine on
    RewriteRule ^/$ /chp/ [R]

    ProxyPass / http://192.168.72.82:9999/
    ProxyPassReverse / http://192.168.72.82:9999/

</VirtualHost>
0
Comment
Question by:nohurt
2 Comments
 
LVL 27

Accepted Solution

by:
caterham_www earned 500 total points
ID: 24085124
>         <Directory "/">
>            AuthType Basic

Use <Location /> instead of <directory /> since your requests are not related to the file system.
0
 

Author Closing Comment

by:nohurt
ID: 31567320
worked like a charm.
I can't believe it was that simple and i spend hours searching for a solution...
Thank you.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question