lately I faced the problem to publish the cam application on a public IP address, to be accessible from outside the company. Obviously the access had to be password protected.
First I installed mod_proxy and I configured it to make the internal site published. But I suddenly realized it wasn't enough - the site referenced many images using absolute URLs, and that URLs were not accessible from outside. So I had to translate them to the right path, through the proxy. Inside VirtualHost, I had:
ProxyPass / http://cams.cpsoftware.priv:8080/
ProxyPassReverse / http://cams.cpsoftware.priv:8080/
Then I added a <Location /> and inside a simple Substitute:
<Location />
AddOutputFilterByType SUBSTITUTE text/html
Substitute s/.priv:8080/.it/ni
</Location>
The security part gave me some problem, 'cos I had to figure out how to combine authentication and referer check, in optional logic. Satisfy directive did the magic.
SetEnvIf REFERER "http://userv\.blogdns\.net" allowed_referer
<Location />
AddOutputFilterByType SUBSTITUTE text/html
Substitute s/.priv:8080/.it/ni
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www.auth/.htpasswd
AuthGroupFile /var/www.auth/.htgroups
Require group cams
Order Allow,Deny
Allow from Env=allowed_referer 192.168.0.0/255.255.248.0
Satisfy any
</Location>
SetEnvIf set the env if the right referer is passed (ok, I know it's easy to trick referer, but it was enough for my purposes), and AuthType/Require use authentication. The line Satisfy any simply say that it is enough to satisfy one of the listed conditions to allow access to the resources.