How to Resolve Authorization Headers Issue with Apache 2.4 and PHP-FPM?

Authorization Headers Issue with Apache 2.4, PHP-FPM

Apache 2.4's mod_proxy and PHP-FPM have been reported to encounter issues in passing Authorization headers, hindering applications that rely on them. This problem has been attributed to various Apache modules that modify these headers for security reasons.

Possible Solutions:

To resolve this issue, consider the following solutions:

1. Identify the Culprit Module:

Determine which Apache module is responsible for stripping the Authorization headers. This can be a complex task as multiple modules may be involved.

2. Tweak Module Settings:

Once the responsible module is identified, explore its settings to find obscure options that can be adjusted to preserve the Authorization headers. However, these settings may vary depending on the module.

3. Pass Header Directly to PHP:

As a workaround, pass the header directly to PHP using the env variable:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=

4. Modify PHP Code:

In certain scenarios, directly passing the header may not suffice. Additionally, modify your PHP code to access $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] instead of $_SERVER['HTTP_AUTHORIZATION'].

The above is the detailed content of How to Resolve Authorization Headers Issue with Apache 2.4 and PHP-FPM?. For more information, please follow other related articles on the PHP Chinese website!