You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tyler Wilson <ku...@linuxdigital.net> on 2013/12/30 20:09:31 UTC
[users@httpd] Auth Headers Not Forwarding to ProxyPass (php-fpm)
Hey All,
I've been beating my head against this for a while; does anyone have any
experience with getting Basic Auth headers forwarded to fcgi from ProxyPass?
Here's my application versions:
Apache 2.4.6
php-fpm (fpm-fcgi) 5.3.3
centos 6.5
Here's my method of testing for the headers;
<?php
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="Test Realm"');
header('HTTP/1.0 401 Unauthorized');
echo "<PRE>"; print_r($_SERVER); echo "<PRE>";
echo 'Text to send if user hits Cancel button';
exit;
}
else
{
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your
password.</p>";
}
?>
>From poking around stack* I've found a few proposed solutions, none of
which seem to solve the problem;
1. Adding a mod_rewrite to copy the headers to new env's;
Source: http://stackoverflow.com/questions/3663520/php-auth-user-not-set
2. Adding 'FcgidPassHeader Authorization' to the vhost config (in an
IfModule).
Source:
http://stackoverflow.com/questions/17488656/zend-server-windows-authorization-header-is-not-passed-to-php-script
(And
others)
3. Adding 'SetEnvIf Authorization' to .htaccess/directory/vhost
Source:
http://stackoverflow.com/questions/17488656/zend-server-windows-authorization-header-is-not-passed-to-php-script
It seems the previous versions using mod_fcgi used a '-pass-header
Authorization', is there no equal in the ProxyPass world? eg:
FastCgiExternalServer
/usr/lib/cgi-bin/php5-fcgi -socket /tmp/php5-fpm.sock -pass-header
Authorization
For reference, my current vhost is configured ProxyPass with;
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
127.0.0.1:9000/var/www/virtual/my.domain.com/public_html/$1
Here is a dump of the current $_SERVER variables passed when doing the
above php test;
Array
(
[USER] => username
[HOME] => /home/username
[FCGI_ROLE] => RESPONDER
[HTTPS] => on
[SSL_TLS_SNI] => my.domain.com
[proxy-nokeepalive] => 1
[HTTP_HOST] => my.domain.com
[HTTP_CONNECTION] => keep-alive
[HTTP_ACCEPT] =>
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63
Safari/537.36
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_COOKIE] => UBERSID=v1lg6fbgvt149ka047rgv6hgb3;
__utma=188222188.1000476125.1386093376.1386116540.1386141779.6;
__utmc=188222188;
__utmz=188222188.1386093376.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache/2.4.6 (Unix)
[SERVER_NAME] => my.domain.com
[SERVER_ADDR] => (Filtered)
[SERVER_PORT] => 443
[REMOTE_ADDR] => (Filtered)
[DOCUMENT_ROOT] => /var/www/virtual/my.domain.com/public_html
[REQUEST_SCHEME] => https
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /var/www/virtual/my.domain.com/public_html
[SERVER_ADMIN] => [no address given]
[SCRIPT_FILENAME] => /var/www/virtual/my.domain.com/public_html/test.php
[REMOTE_PORT] => 64603
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test.php
[SCRIPT_NAME] => /test.php
[PHP_SELF] => /test.php
[REQUEST_TIME] => 1388430291
)
Any assistance would be greatly appreciated.