I need to secure a bunch of web apps on separate internal servers for accessing from the internet, and it seems that a reverse proxy is probably a decent way of doing this. The problem is going to be authentication as I want to put front end security on the proxy (so unauthenticated users can't touch my apps with their own dubious security) but some of the apps require their own username and password, potentially different to the proxy. This won't work using conventional web security obviously, so I'll need to get a little creative. What I was thinking is something that goes like this: . User goes to apps.company.com.au/auth and enters username + password . Proxy validates credentials and sets a cookie . The Proxy validates the cookie for each request then 'eats' it before passing the request to the internal server . Any access without the set cookie gets redirected to the /auth page for authentication . Apps are accessed via apps.company.com.au/appname My google-fu is weak just lately though and I can't find anything that might do what I want... the reverse proxy part is fine (squid or apache) but not the front end authentication layer. The docs for mod_proxy (which I've used before) don't seem to suggest that I can do it that way. Any suggestions? Thanks James