Mod_rewrite and http auth aren't working together - apache2

Rails Deployment
1

Hi all,

I have a Rails app that I’d like to protect with basic http
authentication. I’m using SSL too, but I’ve verified the problem is the
same without the SSL configuration options, so I’ll leave that out of
this problem report.

Setup: Apache v2.2.4 + mod_proxy_balancer + 1 mongrel instance (v1.0.4).

I’m using the apache configuration below, which requires basic
authentication to access the Rails site’s public/ directory. The Rails
app works fine, and I am in fact prompted for a username and password
before I can access the app.

BUT, it turns out that if you simply hit cancel a dozen or so time at
the http auth prompt, you can view my Rails app anyway (!). My app will
then appear without any CSS styling. I’m pretty certain my mod_proxy
rules are overridding my http auth rules somehow.

Now I have tried putting the mod_proxy rules inside my
section, and that correctly will prevent access
if http authentication doesn’t succeed, but then my app blows up with
all sorts of weird errors (unable to access the sessions tmp files, even
though they’re chmod 0666).

Any ideas?

Thanks,

Scott

<Proxy balancer://myapp>
BalancerMember http://127.0.0.1:14000

<VirtualHost *:80>
ServerName myapp.mydomain.com
DocumentRoot “/var/www/html/myapp.mydomain.com/current/public”

    <Directory "/var/www/html/myapp.mydomain.com/current/public">
            Options FollowSymLinks
            AllowOverride All

            # Require htaccess user authentication by default
            Authtype basic
            AuthName "MyApp"
            AuthUserFile /var/www/passwd/htpasswd.master
            AuthGroupFile /var/www/passwd/groups.master
            Require group myapp
    </Directory>

    # Rails mod_rewrite rules
    RewriteEngine On

    # Check for maintenance file and redirect all requests
    RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
    RewriteCond %{SCRIPT_FILENAME} !maintenance.html
    RewriteRule ^.*$ /system/maintenance.html [L]

    # Rewrite index to check for static
    RewriteRule ^/$ /index.html [QSA]

    # Rewrite to check for Rails cached page
    RewriteRule ^([^.]+)$ $1.html [QSA]

    # Redirect all non-static requests to cluster
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*)$ balancer://myapp%{REQUEST_URI} [P,QSA,L]