S3 and apache mod_proxy with basic authentication

Question

I'd like to redirect to my S3 bucket in SSL with a basic authentication for some of my files (apk files) with the apache mod_proxy. SSL and mod_proxy perfectly work, but basic authentication is ignored.

<VirtualHost *:443>
        ServerName resources.mydomain.jp

        <FilesMatch "\.apk$">
          Order deny,allow
          SetEnvIf User-Agent ".*Android.*" allow_ag
          Options FollowSymLinks
          Allow from env=allow_ag
          Deny from all
          AuthType Basic
          AuthName "Secret Zone"
          AuthUserFile /etc/httpd/.htpasswd
          Require user xxx_customer
        </FilesMatch>


        SSLEngine on
        SSLProxyEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
        SSLCertificateFile conf.d/xxx.cer
        SSLCertificateKeyFile conf.d/xxx.key
        SSLCACertificateFile conf.d/xxx.cer

        ProxyPass / http://resources.mydomain.jp.s3-website-ap-zone-1.amazonaws.com/
        ProxyPassReverse / http://resources.mydomain.jp.s3-website-ap-zone-1.amazonaws.com/

    </VirtualHost>

By the way, the same "FileMatch" is used for another VirtualHost and works normally....

apache info :

$ httpd -v
Server version: Apache/2.4.12 (Amazon)
Server built:   Mar 18 2015 20:24:15

Thank you

Answer 1

<FilesMatch> only matches files in the physical filesystem, not the last component of the URL that you might think of as the filename. Since you are proxying, no URL's are mapped to the filesystem.

Try <LocationMatch>

Some more cleanups needed:

• explicitly set "Satisfy Any"
• Change "Order deny,allow" to "Order allow,deny" (this means deny by default)
• Remove "Deny" (no longer necessary, simplifies ordering issues with Allow from env=...)