Basic Authentication with Apache 2.2.*, mod_proxy_balancer, and Mongrel

Clients frequently like to keep applications under development behind some kind of basic authentication. Apache makes this easy, but mod_proxy_balancer complicates things slightly. While you normally put your AllowOverride, AuthType, etc. directives under the correct Directory definition, if you try doing this alone with a Rails app running on a mongrel cluster, you'll see it doesn't work. Instead, you'll get an authentication dialog for each resource on the page (stylesheet, pictures, etc.) and it will still allow you through to the code! Probably has something to do with the URL rewriting going on to make the cluster proxying possible (which doesn't happen in the Directory clause).

The solution was found here: put your authentication directives in the proxy definition itself:

<Proxy balancer://my_awesome_cluster> BalancerMember https://127.0.0.1:9000 BalancerMember https://127.0.0.1:9001 BalancerMember https://127.0.0.1:9002 BalancerMember https://127.0.0.1:9003 AllowOverride AuthConfig AuthType Basic AuthName "Top Secret, biotch" AuthUserFile /etc/apache2/authorized_users.passwd Require valid-user </Proxy>

That'll put the kibosh on broke ass mahfuckahz. Hope this helps somebody.

Read this article
Written on Thursday, September 06, 2007