Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

apache not allow authorization header ?

LAMP

2

5

93

Log in to reply

F
freetommy last edited by

Dear,

I try to request with authorization header.
ex) Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l

my LAMP run as api server.

I try to put
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
in .htaccess
but not solve.

maybe, apache not allow authorization header ?

Would you please any help ?

Regards,
1 Reply Last reply
Reply Quote 0

girish Staff

I did a quick test by adding LogLevel trace8 to the apache config. Then, make a curl request - curl -H 'Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l' https://lamp.cloudron.space .

I see that the header is coming through:

[Wed Nov 10 18:06:53.830120 2021] [http:trace4] [pid 28] http_request.c(436): [client 98.45.211.194:38584] Headers received from client:
[Wed Nov 10 18:06:53.830131 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   Host: lamp.cloudron.space
[Wed Nov 10 18:06:53.830141 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-For: 98.45.211.194
[Wed Nov 10 18:06:53.830151 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Host: lamp.cloudron.space
[Wed Nov 10 18:06:53.830161 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Port: 443
[Wed Nov 10 18:06:53.830171 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Proto: https
[Wed Nov 10 18:06:53.830180 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   X-Forwarded-Ssl: on
[Wed Nov 10 18:06:53.830190 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   Connection: close
[Wed Nov 10 18:06:53.830219 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   user-agent: curl/7.68.0
[Wed Nov 10 18:06:53.830231 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   accept: */*
[Wed Nov 10 18:06:53.830242 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584]   authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l

Maybe some apache/php configuration?

girish Staff

As a next step, changing the LogFormat makes it print:

    LogFormat "%{X-Forwarded-For}i %{Authorization}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

I see in the logs:

98.45.211.194 Bearer YWxhZGRpbjpvcGVuc2VzYW1l - - [10/Nov/2021:18:11:24 +0000] "GET / HTTP/1.1" 401 52 "-" "curl/7.68.0"

girish Staff last edited by
... and the header mysteriously disappears when it hits PHP.
```
<?php
print_r($_SERVER);
?>
```
Output does not have Authorization header.
1 Reply Last reply
Reply Quote 0
girish Staff @freetommy last edited by
@freetommy mm, I assumed what you tried didn't work. It works for me.

I put the below in /app/data/.htaccess (placing this in /app/data/apache/app.conf inside VirtualHost also works:
```
 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
```
Restart the app. Then, I see the header passed on to PHP:
```
    [HTTP_AUTHORIZATION] => Bearer YWxhZGRpbjpvcGVuc2VzYW1l
```
For future reference, this also worked (in apache config):
```
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
```
1 Reply Last reply
Reply Quote 0

1 / 1