Apache - Request Authorization Header

[Josh Fake]

I am in the process of generating an endpoint that has to be created based off of our clients' vendor specifications.  With this the authorization is set as basic in a base64 string of <account>:<username>:<password>. 

Using Apache as what the client already has configured on their server, when I post an example to my endpoint with the Authorization Header such as Authorization: Basic VGVzd<ommitted>HdyZA==

Obtained from a Postman Console Log:

GET http://<url>:<port>/itemlookup
Request Headers
Authorization: Basic VGVzd<ommitted>HdyZA==
User-Agent: PostmanRuntime/7.42.0
Accept: */*
Postman-Token: d43aa0e9-bb40-4c8c-8582-4ca2cc0237c8
Host: <url>:<port>
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

When I create a dump of all of the incoming headers and arguments, the authorization string is not passed from pxp.cgi to the program that it is executing.

I know it is obtainable via the Pvx Web Server but the documentation for the global variables in Apache does not mention authorization anywhere.  https://manual.pvxplus.com/PXPLUS/apache/globalvar.htm

Is there a way to obtain the authorization information within Apache that is not documented?
Thank you for your assistance!

[Devon Austen]

Apache by default will strip that out.

If you add:

Code Select Expand

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
to your httpd.conf it will put it back so the pxplus programs can see it.

[Josh Fake]

Thank you Devon! Worked like a charm as I was up all last night scratching my head!!  I owe you a drink at the next Conference!!

Apache by default will strip that out.

If you add:

Code Select Expand

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
to your httpd.conf it will put it back so the pxplus programs can see it.

[Devon Austen]

We had to figure this out for our own PxPlus web services. It is documented as part of the Apache configuration for PxPlus Web Services (https://manual.pvxplus.com/?Web%20Services/Overview.htm#configuration).