Apache Strips off Basic Authorization Header

I shared this in Dallas, with my Webservices presentation, but hadn’t gotten around to making a blog post. Today we had someone that was running into this problem.

What exactly is the issue? When you make a REST request and include a User and Password in the standard parameters, they are turned into a Basic Authorization header. One of the ways to secure and authorize your RESTful service is to examine this header and validate it against a user/password table in your database.

You retrieve this header using the WebserviceReadHTTPHeader function as follows:

TheValue is string = WebserviceReadHTTPHeader("Authorization")

The issue is that by default Apache strips off the Basic Authorization header and never passes it on to your webservice, and TheValue ends up being blank.

This is an easy fix in Apache. In the virtualhost entry for the site, you need to add the following lines:

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

If you are not using any Rewrite rules anywhere else in your configuration, you might need to enable the line in your httpd.conf file that loads the module:

LoadModule rewrite_module modules/mod_rewrite.so

Once you add the lines, don’t forget to restart the Apache service so it reads the new configuration.
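Once the header reaches the service, its value still has to be decoded and checked against the user table. The following is an added example in Python, not code from the original post or from WINDEV, showing one way to handle the string that WebserviceReadHTTPHeader("Authorization") returns, including the blank case described above. The function names, the sample user table and the PBKDF2 storage scheme are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored form of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed sample table: username -> (salt, password hash).
# A real service would read these rows from its database.
_SALT = b"constructed-salt"
USERS = {"andy": (_SALT, hash_password("s3cret:with:colons", _SALT))}


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None."""
    if not value:
        # Blank value: what the service sees when Apache did not pass the header on.
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64, bad padding, or not valid UTF-8
        return None
    # Split on the FIRST colon only: the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def is_authorized(header_value, users=USERS):
    """Validate the header against the user table; fail closed on any problem."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    user, password = creds
    # Unknown users still go through hashing so both paths take similar time.
    salt, stored = users.get(user, (b"missing-user-salt", b""))
    return hmac.compare_digest(hash_password(password, salt), stored)
```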

One thought on “Apache Strips off Basic Authorization Header”

  1. Thanks Andy

