> My first thoughts were to use mod_proxy to forward requests for > /protected/login to the backend, where the authentication will be done. > Then, just redirect the request to another URL behind /protected. The > authentication information should be passed as part of the request, should > it not?
Sure, but your proxy server won't be checking to see what it is. People could go to any of your proctected pages freely if they know the URL. Sounds like you're going to a lot of trouble to avoid using standard auth to me. There are a number of auth modules out there which don't need mod_perl, and you may find one that will play nicely with your backend programs. Modules that auth against MySQL or LDAP servers exist. If you're determined to do auth on the backend, I would just let the backend do the auth and serving of the static pages. It will dump them out fast and let the proxy servers do the slow work of dribbling the bytes out to clients. - Perrin
