How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?
Solution 1:
As you've discovered, the <Directory>
blocks don't apply because you're serving content from a proxy server, not a local directory.
Try <Location>
instead.
<Location />
ProxyPass ajp://127.0.0.1:8010/
ProxyPassReverse ajp://127.0.0.1:8010/
AuthType Basic
AuthName "something"
AuthUserFile /path/to/htpasswd
Require valid-user
</Location>