Apache ProxyPass removes Authorization header
I have an Apache server setup as a reverse proxy in front of a some backend servers. One of the backend servers requires basic authentication but somehow Apache seems to remove the Authorization header from the request.
Do I have to configure something special in order to make Apache pass on the Authorization header to the backend server?
My Apache configuration is pretty basic. I only added some proxy directives like:
ProxyRequests Off
ProxyPass /backend-server https://backend.server
SSLProxyEngine on
Answer
You will have to set the proxy-chain-auth environment variable:
If the proxy requires authentication, it will read and consume the proxy authentication credentials sent by the client. With proxy-chain-auth it will also forward the credentials to the next proxy in the chain. This may be necessary if you have a chain of proxies that share authentication information. Security Warning: Do not set this unless you know you need it, as it forwards sensitive information!
http://httpd.apache.org/docs/2.2/mod/mod_proxy_http.html
<Location />
AuthType basic
SetEnv proxy-chain-auth
</Location>