Apache Authenticate Proxy

From SlugWiki
Revision as of 12:59, 19 March 2007 by Rob (Talk)

Jump to: navigation, search

We have two webhosts, riaa.bemix and lilsis.bemix. lilsis.bemix is visible to the internet over port 80, while riaa.bemix is hidden behind the firewall and only internal machines can talk to it. Therefore we set up apache2 to proxy requests to it via mod_rewrite.

However, we would like to restrict outside access to our bemix server to those who know our secret password. We only care about this password protection for hosts outside the network, though, since we trust everyone on our network. Thus, we set up rock.bemix.org -> riaa.bemix on the internal LAN, and rock.bemix.org -> lilsis.bemix -> riaa.bemix on the external interface.

To accomplish the password protection only for external requests, we write the following virtual hosts file on debian:

$ cat /etc/apache2/sites-enabled/004-rock
<VirtualHost *>
        ServerName rock.bemix.org
        DocumentRoot /var/www/rock

        #only properly authenticated slugs can access bemix
        <Proxy *>
          AuthName "slugs only plz!"
          AuthType Basic
          Require valid-user
          AuthUserFile /etc/apache2/passwdfile

        #redirect everything to riaa
        RewriteEngine ON
        RewriteRule ^/(.*)$ http://riaa.bemix/$1 [P]