Apache Authenticate Proxy
We have two webhosts, riaa.bemix and lilsis.bemix. lilsis.bemix is visible to the internet over port 80, while riaa.bemix is hidden behind the firewall and only internal machines can talk to it. Therefore we set up apache2 to proxy requests to it via mod_rewrite.
However, we would like to restrict outside access to our bemix server to those who know our secret password. We only care about this password protection for hosts outside the network, though, since we trust everyone on our network. Thus, we set up rock.bemix.org -> riaa.bemix on the internal LAN, and rock.bemix.org -> lilsis.bemix -> riaa.bemix on the external interface.
To accomplish the password protection only for external requests, we write the following virtual hosts file on debian:
$ cat /etc/apache2/sites-enabled/004-rock <VirtualHost *>
ServerName rock.bemix.org DocumentRoot /var/www/rock
#only properly authenticated slugs can access bemix <Proxy *> AuthName "slugs only plz!" AuthType Basic Require valid-user AuthUserFile /etc/apache2/passwdfile </Proxy>
#redirect everything to riaa RewriteEngine ON RewriteRule ^/(.*)$ http://riaa.bemix/$1 [P]