Tuesday, October 2, 2012

Apache Basic Auth through a Reverse Proxy

It took me like a whole day of googling to figure this out. Say you have a web service that doesn't have any form of authentication and you want to open it up to a public IP but still set up some security. If you are this guy then you may want to try basic auth.

Step 1 : Create password file
htpasswd -c /home/user/.passwdFile <username>

Step 2 : Set up the reverse proxy
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module    modules/mod_headers.so
LoadModule ssl_module        modules/mod_ssl.so
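# AuthType Basic, AuthUserFile and Require valid-user need these three modules
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so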

ProxyRequests Off
ProxyVia Off

ProxyPass / <url:port>
ProxyPassReverse / <url:port>

<url:port> is the url:port that your webservice is running on. From the above commands your app will be open at
Remember to include the relevant modules, as has been done above the proxy stuff.

Step 3 : Set up basic authentication. My mistake was that I was using Directory instead of Location. Directory refers to the filesystem while Location refers to webspace, i.e. URLs and stuff.

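<Location />
    # AllowOverride is only valid inside <Directory>, so it is not used here
    Options ExecCGI
    # Apache 2.2 access syntax: accept any client address, then require a login
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "My awesome webservice"
    AuthUserFile /home/user/.passwdFile
    Require valid-user
</Location>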

So put this in your httpd.conf file and restart Apache. There you have it: basic auth on a reverse proxy.
Bigups to http://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication

  1. Another cool thing is using curl to access pages restricted by basic auth
    curl --user username:password http://url.com
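
The same curl call can confirm that the proxy really enforces the login, which catches the Directory-instead-of-Location mistake from Step 3, where the config loads but anonymous requests still reach the backend. This script is an added example, not part of the original post; the function names and the way the URL, user and password are passed in are assumptions.

```sh
#!/bin/sh
# Added example: verify that a reverse proxy demands Basic auth.
# Usage (arguments are supplied by you): check.sh URL USER PASSWORD

# http_code URL [curl options...] -> prints only the HTTP status code
http_code() {
    url=$1; shift
    curl --silent --output /dev/null --max-time 10 \
         --write-out '%{http_code}' "$@" "$url"
}

# check_basic_auth URL USER PASSWORD
# Returns 0 only when all three hold:
#   no credentials   -> 401
#   wrong password   -> 401
#   valid credentials -> 2xx or 3xx from the proxied service
check_basic_auth() {
    url=$1 user=$2 pass=$3
    anon=$(http_code "$url")
    bad=$(http_code "$url" --user "$user:not-the-password")
    good=$(http_code "$url" --user "$user:$pass")
    rc=0
    [ "$anon" = 401 ] || { echo "FAIL: anonymous request got $anon, expected 401"; rc=1; }
    [ "$bad" = 401 ]  || { echo "FAIL: wrong password got $bad, expected 401"; rc=1; }
    case $good in
        2??|3??) ;;
        *) echo "FAIL: valid credentials got $good"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $url requires Basic auth"; fi
    return "$rc"
}

# Run the check only when called with URL, USER and PASSWORD
if [ "$#" -ge 3 ]; then
    check_basic_auth "$1" "$2" "$3"
fi
```

Run it against the https:// URL if the proxy terminates TLS, since Basic auth only base64-encodes the username and password on the wire.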