    Cloudron Forum

    Apache does not allow Authorization header?

    • freetommy

      Dear,

      I am trying to make a request with an Authorization header,
      e.g. Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l

      My LAMP runs as an API server.

      I tried putting
      SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
      in .htaccess,
      but that did not solve it.

      Maybe Apache does not allow the Authorization header?

      Could you please help?

      Regards,

      • girish (Staff)

        I did a quick test by adding LogLevel trace8 to the Apache config. Then I made a curl request:

            curl -H 'Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l' https://lamp.cloudron.space

        I see that the header is coming through:

        [Wed Nov 10 18:06:53.830120 2021] [http:trace4] [pid 28] http_request.c(436): [client 98.45.211.194:38584] Headers received from client:
        [Wed Nov 10 18:06:53.830131 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   Host: lamp.cloudron.space
        [Wed Nov 10 18:06:53.830141 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-For: 98.45.211.194
        [Wed Nov 10 18:06:53.830151 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Host: lamp.cloudron.space
        [Wed Nov 10 18:06:53.830161 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Port: 443
        [Wed Nov 10 18:06:53.830171 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Proto: https
        [Wed Nov 10 18:06:53.830180 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Ssl: on
        [Wed Nov 10 18:06:53.830190 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   Connection: close
        [Wed Nov 10 18:06:53.830219 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   user-agent: curl/7.68.0
        [Wed Nov 10 18:06:53.830231 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   accept: */*
        [Wed Nov 10 18:06:53.830242 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l
        

        Maybe some apache/php configuration?

        • girish (Staff)

          As a next step, changing the LogFormat makes it print:

              LogFormat "%{X-Forwarded-For}i %{Authorization}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
          

          I see in the logs:

          98.45.211.194 Bearer YWxhZGRpbjpvcGVuc2VzYW1l - - [10/Nov/2021:18:11:24 +0000] "GET / HTTP/1.1" 401 52 "-" "curl/7.68.0"
          
          • girish (Staff)

            ... and the header mysteriously disappears when it hits PHP.

            <?php
            print_r($_SERVER);
            ?>
            

            Output does not have Authorization header.

            • girish (Staff)

              @freetommy mm, I assumed what you tried didn't work. It works for me.

              I put the below in /app/data/.htaccess (placing this in /app/data/apache/app.conf inside VirtualHost also works):

               SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
              

              Restart the app. Then, I see the header passed on to PHP:

                  [HTTP_AUTHORIZATION] => Bearer YWxhZGRpbjpvcGVuc2VzYW1l
              

              For future reference, this also worked (in apache config):

                  RewriteEngine On
                  RewriteCond %{HTTP:Authorization} ^(.*)
                  RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
              
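An added example, not part of the thread or of Cloudron's code: a PHP helper for the API side that reads the bearer token from whichever variable the two workarounds above populate and rejects malformed values. `bearer_token` is a hypothetical name; the `REDIRECT_HTTP_AUTHORIZATION` fallback assumes the rewrite variant is hit after an internal redirect, and the token pattern follows the b64token syntax of RFC 6750.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): return the bearer token from the
// request, or null when the header is absent or malformed.
function bearer_token(array $server): ?string
{
    // HTTP_AUTHORIZATION is what the SetEnvIf / RewriteRule lines above set.
    // Apache prefixes rewrite-set variables with REDIRECT_ after an internal
    // redirect, so check that name as well.
    $raw = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;

    // Fallback: ask the SAPI for the raw request headers where supported.
    if ($raw === null && function_exists('apache_request_headers')) {
        foreach (apache_request_headers() as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') === 0) {
                $raw = $value;
                break;
            }
        }
    }
    if (!is_string($raw)) {
        return null;
    }

    // RFC 6750 b64token: scheme name is case-insensitive, exactly one token.
    if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', trim($raw), $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed sample inputs; only exercised when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['HTTP_AUTHORIZATION' => 'Bearer YWxhZGRpbjpvcGVuc2VzYW1l'],
        ['REDIRECT_HTTP_AUTHORIZATION' => 'bearer YWxhZGRpbjpvcGVuc2VzYW1l'],
        ['HTTP_AUTHORIZATION' => 'Bearer two tokens'],   // malformed
        [],                                               // header missing
    ];
    foreach ($samples as $server) {
        var_dump(bearer_token($server));
    }
}
```

The `LogLevel trace8` setting and the `LogFormat` with `%{Authorization}i` used for debugging in this thread both write the token into Apache's logs, so revert them once the header reaches PHP.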