How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?

Solution 1:

As you've discovered, the <Directory> blocks don't apply because you're serving content from a proxy server, not a local directory.

Try <Location> instead.

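# <Location> matches on the request URL, so it also applies to proxied requests.
<Location />
    # Inside <Location>, ProxyPass omits the path; it is taken from the section.
    ProxyPass ajp://127.0.0.1:8010/
    ProxyPassReverse ajp://127.0.0.1:8010/
    AuthType Basic
    AuthName "something"
    AuthUserFile /path/to/htpasswd
    Require valid-user
</Location>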
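
An added example, not part of the original answer: a small Python check that reads a vhost configuration and reports every ProxyPass URL path that no <Location> block with AuthType and Require covers, which is the gap the <Directory> attempt leaves open. The function name, both sample configurations and the /srv/tomcat/webapps path are constructed for illustration; ProxyPassMatch and <LocationMatch> are not handled.

```python
import re
OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\w+>")
# Constructed sample: auth sits in <Directory>, which proxied requests never hit.
BROKEN = """
<VirtualHost *:443>
    ProxyPass / ajp://127.0.0.1:8010/
    <Directory /srv/tomcat/webapps>
        AuthType Basic
        AuthUserFile /path/to/htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
"""
# Constructed sample: the <Location> form from the answer above.
FIXED = """
<VirtualHost *:443>
    <Location />
        ProxyPass ajp://127.0.0.1:8010/
        AuthType Basic
        AuthUserFile /path/to/htpasswd
        Require valid-user
    </Location>
</VirtualHost>
"""

def unprotected_proxy_paths(conf):
    """Return proxied URL paths that no authenticated <Location> covers."""
    stack, proxied, auth = [], [], {}  # open sections, ProxyPass paths, auth per Location
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            del stack[-1:]  # leave the innermost section (no-op if none is open)
            continue
        if (m := OPEN.fullmatch(line)):
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
            continue
        words = line.split()
        name = words[0].lower()
        loc = next((a for n, a in reversed(stack) if n == "location"), None)
        if name == "proxypass" and words[-1] != "!":  # "!" marks an exclusion
            proxied.append(loc if loc is not None else words[1])
        elif loc is not None and name in ("authtype", "require") \
                and [w.lower() for w in words[1:3]] != ["all", "granted"]:
            auth.setdefault(loc, set()).add(name)
    guarded = [p for p, seen in auth.items() if seen == {"authtype", "require"}]
    return [p for p in proxied if not any(
        g == "/" or p == g or p.startswith(g.rstrip("/") + "/") for g in guarded)]
```

An empty list means every proxied path sits under an authenticated <Location>; the broken sample returns ["/"].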