How to Pass Authorization Headers from Apache 2.4 to PHP-FPM?

Apache 2.4 PHP-FPM: Handling Authorization Headers

Apache 2.4's mod_proxy_fcgi, commonly used to proxy requests to PHP-FPM, may encounter issues passing Authorization headers to the external FastCGI process. This can prevent users from accessing certain features, such as APC's user cache monitor.

Cause

Various Apache modules may strip the Authorization header for perceived security reasons. Identifying the specific module responsible can be challenging.

Workaround with SetEnvIf

To circumvent this issue, you can pass the header directly to PHP via the env:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=

Additional Considerations

In some cases, passing the header via the env may not be sufficient. You may also need to modify your PHP code to access the Authorization header from $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] instead of $_SERVER['HTTP_AUTHORIZATION'].

Alternative Solution

If the SetEnvIf workaround proves ineffective, another possible solution is to examine the Apache configuration for settings related to header passing.

Conclusion

Passing Authorization headers from Apache 2.4 to PHP-FPM can be problematic, but by understanding the potential causes and implementing appropriate workarounds, you can ensure that users have access to the necessary features and functionality.

The above is the detailed content of How to Pass Authorization Headers from Apache 2.4 to PHP-FPM?. For more information, please follow other related articles on the PHP Chinese website!