HTTP Authorization header is missing

If the HTTP Authorization header is missing it could miss in the HTTP request, but it could also not get passed on to PHP.

PHP-CGI under Apache does not pass HTTP Basic user/pass to PHP by default.

Various Apache modules will strip the Authorization header, usually for “security reasons”. They all have different obscure settings you can tweak to overrule this behaviour, but you’ll need to determine exactly which module is to blame.

Rich on Stack Overflow –

For this workaround to work, add on of these lines to your .htaccess file:


CGIPassAuth on


SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1


RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Other related resources