Apache 2.4 + PHP-FPM and Authorization headers

http php apache mod-proxy apc

Various Apache modules will strip the Authorization header, usually for "security reasons". They all have different obscure settings you can tweak to overrule this behaviour, but you'll need to determine exactly which module is to blame.

You can work around this issue by passing the header directly to PHP via the env:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

See also Zend Server Windows - Authorization header is not passed to PHP script

In some scenarios, even this won't work directly and you must also change your PHP code to access $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] rather than $_SERVER['HTTP_AUTHORIZATION']. See When setting environment variables in Apache RewriteRule directives, what causes the variable name to be prefixed with "REDIRECT_"?


This took me a long time to crack, since it's not documented under mod_proxy or mod_proxy_fcgi.

Add the following directive to your apache conf or .htaccess:

CGIPassAuth on

See here for details.

Related

Execute function after 5 seconds in Android
Uploading Android App Bundle to Google Play Console - key signing error
Replace sequence of a charachter with another one
RSpec: how to test file operations and file content
Taskbar- and Menu-Icons missing after update to Hirsute Hippo (21.4)
Unable to update with "apt-get" getting "429 too many requests" error
No sound Ubuntu 20.04 Lenovo Yoga 7i
restore from entry disk image with dd, to unallocated space or specific partition
How to get the content of a Tinymce textarea with JavaScript
windows like clipboard manager for linux?
Chromium is not open Zoom by xdg-open
Linux - set next boot kernel [duplicate]