Protecting a Mongrel site with Apache htauth


We have a mongrel site running behind Apache using ProxyBalancer to manage our cluster. We would like to use HTTP Authentication to restrict access to the site, but Apache's mod_auth only protects a directory - this is a problem because ProxyBalancer siphons off all the Rails requests before mod_auth has a chance to kick in.

Is it possible to restrict access to the site with our current setup?

Thanks, Gareth

Is it not possible to have a Location directive instead of Directory to apply auth to all requests? A while ago I got something like the following working:

<Location / > AllowOverride None AuthName "My Rails App" AuthType Basic AuthUserFile "/path/to/file"

<Limit GET POST>    require valid-user </Limit> </Location>