Apache 2.4 + PHP-FPM and Authorization headers

by

Various Apache modules will strip the Authorization header, usually for “security reasons”. They all have different obscure settings you can tweak to overrule this behaviour, but you’ll need to determine exactly which module is to blame.

You can work around this issue by passing the header directly to PHP via the env:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

See also Zend Server Windows – Authorization header is not passed to PHP script

In some scenarios, even this won’t work directly and you must also change your PHP code to access $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] rather than $_SERVER['HTTP_AUTHORIZATION']. See When setting environment variables in Apache RewriteRule directives, what causes the variable name to be prefixed with “REDIRECT_”?

More Related Contents:

  1. Why do HTTP servers forbid underscores in HTTP header names
  2. How can I make PHP display the error instead of giving me 500 Internal Server Error [duplicate]
  3. RewriteRule Last [L] flag not working?
  4. Https to http redirect using htaccess
  5. How to CORS-enable Apache web server (including preflight and custom headers)?
  6. What is apache’s maximum url length?
  7. Are square brackets permitted in URLs?
  8. Authorization header missing in django rest_framework, is apache to blame?
  9. Setup HTTP expires headers using PHP and Apache
  10. Who Add “_” Single Underscore Query Parameter?
  11. How can I pre-compress files with mod_deflate in Apache 2.x?
  12. Vagrant’s port forwarding not working [closed]
  13. Authorization header missing in PHP POST request
  14. apache to tomcat: mod_jk vs mod_proxy
  15. Apache is not sending 304 response (if mod_deflate and AddOutputFilterByType is enabled)
  16. How can I replace Apache HTTP code 404 to 200
  17. Redirect HTTP to HTTPS on default virtual host without ServerName
  18. Apache is “Unable to initialize module” because of module’s and PHP’s API don’t match after changing the PHP configuration
  19. Apache + Node.js + mod_proxy. How to route one domain to :3000 and another to :80
  20. Apache + Tomcat: Using mod_proxy instead of AJP
  21. Force HTTPS on certain URLs and force HTTP for all others
  22. Parsing HTTP_RANGE header in PHP
  23. tunneling secure websocket connections with apache
  24. Project Links do not work on Wamp Server
  25. How do I add PHP code/file to HTML(.html) files?
  26. How can I select and upload multiple files with HTML and PHP, using HTTP POST?
  27. www-data permissions?
  28. WAMP 403 Forbidden message on Windows 7
  29. Need to allow encoded slashes on Apache
  30. 500 Internal Server Error?

Leave a Comment