I'm having trouble figuring out how to add basic HTTP authentication to password-protect a development testing environment running on a production web server. Both the main site and the testing environment are virtual hosts that use AJP proxying to serve separate instances of Tomcat webapps. We need to prevent the public from accessing the testing environment without making changes to web.xml in the Tomcat environment; the protection must be achieved with Apache, not Tomcat. However, the ProxyPass and ProxyPassReverse directives in the virtual host seem to override the use of .htaccess or anything I put in a <Directory> control block, while it seems that I cannot use directives like AuthType in the main body of the <VirtualHost> control block alongside. I'm not very experienced with Apache (or Tomcat) and am unsure about which directives can apply where and which might override others. Because the changes need to be made on a production server, I can't easily experiment for fear of causing any downtime.
The httpd.conf itself is very simple:

    LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
    LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
    LoadFile /usr/lib/libxml2.so

The relevant virtual host file, /etc/apache2/sites-available/dev443, is as follows:

    <IfModule mod_ssl.c>
    <VirtualHost dev.mydomain.com:80443>
        ServerName dev.mydomain.com:80443
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/dev
        ProxyPass / ajp://127.0.0.1:8010/
        ProxyPassReverse / ajp://127.0.0.1:8010/
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/dev/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        LogLevel info
        CustomLog /var/log/apache2/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLCACertificateFile /etc/ssl/certs/intermediate.crt
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
    </IfModule>

For the record, the following versions are involved: Apache: 2.2.14 / Tomcat: 7.0.23 / Java: SE 1.6.0_26-b03 / OS: Ubuntu 10.04 LTS
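
An added example, not part of the original post: proxied requests are never mapped to the filesystem, so `<Directory>` sections and .htaccess files are not consulted for them, whereas a `<Location>` section matches on the URL path and is applied before the request is handed to the AJP backend. The fragment below uses Apache 2.2 syntax; the realm name and the password file path `/etc/apache2/dev.htpasswd` are assumptions, and mod_auth_basic, mod_authn_file and mod_authz_user are assumed to be loaded.

```apache
# Goes inside the existing <VirtualHost dev.mydomain.com:80443> block,
# next to the ProxyPass / ProxyPassReverse lines.

# <Location> matches URL paths, so it covers every request that
# "ProxyPass /" forwards to Tomcat. <Directory> and .htaccess only
# apply to requests that resolve to files on disk.
<Location />
    AuthType Basic
    # Realm string shown in the browser prompt (assumed value).
    AuthName "Development environment"
    # Assumed path: keep the file outside DocumentRoot and readable
    # only by the Apache user. Create it with the htpasswd utility.
    AuthUserFile /etc/apache2/dev.htpasswd
    Require valid-user
</Location>
```

Basic authentication sends the credentials base64-encoded rather than encrypted, so it should only be served from the vhost that has `SSLEngine on`. Running `apache2ctl configtest` before a graceful reload reports syntax errors without interrupting the production site.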