Something sometimes ignored, is that you can restrict access based on IP on Apache:<p><a href="http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order" rel="nofollow">http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#ord...</a><p>Easy access for everyone, and more importantly REST APIs work out of the box, etc..