4

I have an Apache server setup as a reverse proxy in front of a some backend servers. One of the backend servers requires basic authentication but somehow Apache seems to remove the Authorization header from the request.

Do I have to configure something special in order to make Apache pass on the Authorization header to the backend server?

My Apache configuration is pretty basic. I only added some proxy directives like:

ProxyRequests Off
ProxyPass /backend-server https://backend.server

SSLProxyEngine on
Gert-Jan
  • 752
  • 1
  • 8
  • 21

2 Answers2

3

You will have to set the proxy-chain-auth environment variable:

If the proxy requires authentication, it will read and consume the proxy authentication credentials sent by the client. With proxy-chain-auth it will also forward the credentials to the next proxy in the chain. This may be necessary if you have a chain of proxies that share authentication information. Security Warning: Do not set this unless you know you need it, as it forwards sensitive information!

http://httpd.apache.org/docs/2.2/mod/mod_proxy_http.html

<Location />
    AuthType basic
    SetEnv proxy-chain-auth 
</Location>
Nidhi
  • 858
  • 4
  • 9
  • Thanks for reply. Turns out that it's not the proxy-chain-auth, but some other component in our network. – Gert-Jan Jun 28 '16 at 08:32
1

It turns out that it's not Apache that removed the Authorization header, but some other firewall component in our network.

We changed a setting in the firewall and now the ProxyPass directive above works just fine!

Gert-Jan
  • 752
  • 1
  • 8
  • 21