jeremyweiland.com

Clients frequently like to keep applications under development behind some kind of basic authentication. Apache makes this easy, but mod_proxy_balancer complicates things slightly. While you normally put your AllowOverride, AuthType, etc. directives under the correct Directory definition, if you try doing this alone with a Rails app running on a mongrel cluster, you’ll see it doesn’t work. Instead, you’ll get an authentication dialog for each resource on the page (stylesheet, pictures, etc.) and it will still allow you through to the code! Probably has something to do with the URL rewriting going on to make the cluster proxying possible (which doesn’t happen in the Directory clause).

The solution was found here: put your authentication directives in the proxy definition itself:

<Proxy balancer://my_awesome_cluster>
BalancerMember http://127.0.0.1:9000
BalancerMember http://127.0.0.1:9001
BalancerMember http://127.0.0.1:9002
BalancerMember http://127.0.0.1:9003
AllowOverride AuthConfig
AuthType Basic
AuthName "Top Secret, biotch"
AuthUserFile /etc/apache2/authorized_users.passwd
Require valid-user
</Proxy>

That’ll put the kibosh on broke ass mahfuckahz. Hope this helps somebody.

This entry was posted on Thursday, September 6th, 2007 @ 4:13 pm on the category Blogroll. You can follow any responses to this entry through the RSS 2.0 Both comments and pings are currently closed.