Difference between revisions of "Apache Authenticate Proxy"

From SlugWiki
Jump to: navigation, search
m (4 revisions imported)
 
(One intermediate revision by one other user not shown)
Line 24: Line 24:
 
</VirtualHost>
 
</VirtualHost>
 
</pre>
 
</pre>
 +
 +
[[Category:Projects]]

Latest revision as of 22:27, 25 August 2015

We have two webhosts, riaa.bemix and lilsis.bemix. lilsis.bemix is visible to the internet over port 80, while riaa.bemix is hidden behind the firewall and only internal machines can talk to it. Therefore we set up apache2 to proxy requests to it via mod_rewrite.

However, we would like to restrict outside access to our bemix server to those who know our secret password. We only care about this password protection for hosts outside the network, though, since we trust everyone on our network. Thus, we set up rock.bemix.org -> riaa.bemix on the internal LAN, and rock.bemix.org -> lilsis.bemix -> riaa.bemix on the external interface.

To accomplish the password protection only for external requests, we write the following virtual hosts file on debian:

$ cat /etc/apache2/sites-enabled/004-rock
<VirtualHost *>
        ServerName rock.bemix.org
        DocumentRoot /var/www/rock

        #only properly authenticated slugs can access bemix
        <Proxy *>
          AuthName "slugs only plz!"
          AuthType Basic
          Require valid-user
          AuthUserFile /etc/apache2/passwdfile
        </Proxy>

        #redirect everything to riaa
        RewriteEngine ON
        RewriteRule ^/(.*)$ http://riaa.bemix/$1 [P]
</VirtualHost>