Please help to set up a protection for Tomcat app with .htaccess.
I want to use mod_proxy ProxyPass and ProxyPassReverse
My tomcat app: www.example.com:8085
What I want is to make it impossible to access the Tomcat app without going through Apache auth first.
Based on the fact tomcat and apache are on same server (else, you need to setup a firewall in front of tomcat which will accept connections to tomcat only from apache server) and your context is named app
Configure tomcat to listen only on localhost (edit server.xml file)
<Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1" /> Configure apache for proxy and auth.
#httpd.conf <Location /app> # Authentication AuthType Basic AuthName "Restricted access" AuthUserFile /usr/local/apache/passwd/passwords Require valid-user # Proxy to tomcat ProxyPass /app http://127.0.0.1:8080/ ProxyPassReverse /app http://127.0.0.1:8080/ </Location> 