I need to create a "maintenance mode" reverse proxy that can be easily toggled between "open" (allow all connections) and "maintenance" (only allow connections from AD users in a specific security group).
Maintenance mode should be easily toggled (perhaps through a specific URL on the proxy, or even SSHing into the reverse proxy and running a command or changing a file, but no more complicated than that).
If maintenance mode is active, all connections should be presented with an AD login dialog, and their credentials should be checked against a security group. This will allow us to permit connections from IT, while keeping end users out of the website, which may be unstable. If a user has access, they will be redirected to the server, and if not, they will be shown an HTML page on the proxy server.
I have experience with Nginx, and researched solutions regarding it. I could only find solutions for AD authentication, not authorization, though. Nginx is preferred, but other freeware for Linux would be alright.
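
One way to lay out the setup described in the question, as an added example that is not part of the original post: Nginx's `auth_request` hands each request to an internal location that allows everything unless a flag file exists, and otherwise asks an auth helper to decide. The flag path, host names, certificate paths and the helper on 127.0.0.1:9000 (a hypothetical service that binds to AD with the Basic credentials and checks the security group) are assumptions.

```nginx
# Added example, not from the original post. Assumed names: the flag file,
# www.example.com, app.internal:8080, the certificate paths, and a hypothetical
# auth helper on 127.0.0.1:9000 that performs the AD bind and the group check.
server {
    listen 443 ssl;                       # Basic auth carries the AD password: TLS only
    server_name www.example.com;
    ssl_certificate     /etc/nginx/tls/site.crt;
    ssl_certificate_key /etc/nginx/tls/site.key;

    location / {
        auth_request /_maintenance_auth;  # 2xx allows, 401/403 denies
        error_page 403 /denied.html;      # authenticated, but not in the group
        proxy_pass http://app.internal:8080;
        # Keep AD credentials away from the application; drop this line if
        # the application relies on its own Authorization header.
        proxy_set_header Authorization "";
    }

    location = /_maintenance_auth {
        internal;
        # Toggle: `touch /etc/nginx/maintenance.on` turns maintenance mode on,
        # `rm /etc/nginx/maintenance.on` turns it off. The file test runs on
        # every request, so no reload is needed.
        if (!-f /etc/nginx/maintenance.on) {
            return 204;                   # open mode: allow every connection
        }
        # Maintenance mode: the helper must answer
        #   401 + "WWW-Authenticate: Basic ..." for missing or wrong credentials,
        #   403 for a valid AD user outside the allowed security group,
        #   200 for a member of the group.
        proxy_pass http://127.0.0.1:9000/check;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location = /denied.html {
        internal;                         # reachable only through error_page
        root /usr/share/nginx/maintenance;
    }
}
```

On a 401 from the subrequest, Nginx forwards the helper's `WWW-Authenticate` header to the client, which is what triggers the browser's login dialog; the 401/403 split keeps authentication failures separate from authorization failures.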