I’m purely pointing to a blog post by Jamie Krug (@jamiekrug), who is getting a huge man hug from me today. It saved me from a firestorm where a dev url was posted publicly but wasn’t password protected (lazy me!). Apache wasn’t playing nice since it passed off the ColdFusion files to Tomcat. Just before I went crazy with Tomcat changes…I found this. I hope it helps someone else.

http://jamiekrug.com/blog/index.cfm/2009/8/6/apache-authentication-with-proxy