In the docs you cited, it says:
"ProxyPass happens before the authentication phase, so you do not have to worry about authenticating twice."
Hmmm, I thought you had an opportunity to do access control first.
Look at this, from the mod_proxy docs: http://httpd.apache.org/docs/mod/mod_proxy.html#access
That shows use of mod_access. With mod_access, you can deny all requests that don't have a particular environment variable set. You should be able to code a module which sets that environment variable based on your auth system.
However, I could be wrong about this since I've never looked at the mod_proxy source.
If mod_proxy won't work, it is possible to do the whole thing in Perl. Take a look at the modules listed here:
http://theoryx5.uwinnipeg.ca/mod_perl/cpan-search?search=apache+proxy&new=Search&filetype=+distribution+name+or+description&site=ftp.funet.fi&join=and&stem=no&arrange=file&case=clike&download=auto&age=
- Perrin
