Apache as SSL front-end for lame web app
Christopher Schmidt
crschmidt at crschmidt.net
Thu Nov 9 08:01:40 EST 2006
On Wed, Nov 08, 2006 at 10:22:07PM -0500, Ben Scott wrote:
> Hi list,
>
> Hoping someone who knows more about Apache than I do can answer this
> quickly and easily, or point me in the right direction.
>
> Say I've got a lame web application running on a lame OS. No real
> authentication in the app. No SSL. Can't touch the config of the
> app's host OS or web server for lame reasons.
>
> I want to put an Apache box in front of it, and have Apache turn
> plain old HTTP into HTTPS, and also add a separate username/password
> prompt system to protect the lame app from being touched by anyone who
> doesn't at least have *some* credentials. Basically, turning a lame
> application with a "trusted LAN only" mentality to something might
> actually be safe to put on teh Interwebs.
>
> Any suggestions on how I might go about doing this?
>
> I found <http://3cx.org/item/46>, which I think tells me how to use
> mod_proxy to do the forwarding and SSL encapsulation. That's kind of
> what I was thinking. But can I throw some HTTP authentication on top
> of that, too?
Sure.
<Location /myredirectedurl>
AuthType Basic
AuthName "My Lame WebApp"
AuthUserFile /some/file/location/user.htpasswd
Require valid-user
</Location>
Regards,
--
Christopher Schmidt
Web Developer
More information about the gnhlug-discuss
mailing list