Hello, I'm struggling a bit with an issue when using Apache as a reverse proxy when needing to use differing Authentication. I've searched for a couple of days now, but nothing matching what I'm seeing has come up.
The scenario is that I am using Apache as a reverse proxy, but sending a sub-path to different backend like so (extremely simplified): <Location "/foo/bar"> ProxyPass http://host2:8080/foo/bar </Location> <Location "/foo"> ProxyPass http://host1.example.com/foo </Location> This works without issue. However, as soon as I try to put authentication on the second location (or more accurately different authentication directives), any request to "/foo/bar" triggers auth: Example: <Location "/foo/bar"> ProxyPass http://host2:8080/foo/bar </Location> <Location "/foo"> AuthType basic AuthName "Restricted" AuthUserFile /usr/local/apache2/.htpasswd Require valid-user ProxyPass http://host1.example.com/foo </Location> In the logs, set to trace8, I see that now apache is matching the REQUEST_URI to the wrong proxy handler: "attempting to match URI path '/foo/bar' against prefix '/foo' for proxying "URI path /foo/bar' matches proxy handler 'proxy: http://host1.example.com/foo/bar'" "authorization result of Require valid-user : denied (no authenticated user)" Without any auth, the logs correctly show the request to `/foo/bar` being routed to the correct proxy handler 'proxy:http://host2:8080/foo/bar'. If anyone has any ideas on why adding auth completely blows up the proxy routing, I'd appreciate it. Otherwise, I'll have to create two proxy servers, just to handle each case.
