Protecting a Mongrel site with Apache htauth


We have a mongrel site running behind Apache using ProxyBalancer to manage our
cluster. We would like to use HTTP Authentication to restrict access to the
site, but Apache's mod_auth only protects a directory - this is a problem
because ProxyBalancer siphons off all the Rails requests before mod_auth has a
chance to kick in.

Is it possible to restrict access to the site with our current setup?


Is it not possible to have a Location directive instead of Directory
to apply auth to all requests? A while ago I got something like the
following working:

<Location / >
AllowOverride None
AuthName "My Rails App"
AuthType Basic
AuthUserFile "/path/to/file"

<Limit GET POST>
   require valid-user