Apache ProxyPass removes Authorization header

Question

I have an Apache server setup as a reverse proxy in front of a some backend servers. One of the backend servers requires basic authentication but somehow Apache seems to rem

Answer 1

You will have to set the proxy-chain-auth environment variable:

If the proxy requires authentication, it will read and consume the proxy authentication credentials sent by the client. With proxy-chain-auth it will also forward the credentials to the next proxy in the chain. This may be necessary if you have a chain of proxies that share authentication information. Security Warning: Do not set this unless you know you need it, as it forwards sensitive information!

http://httpd.apache.org/docs/2.2/mod/mod_proxy_http.html

<Location />
    AuthType basic
    SetEnv proxy-chain-auth 
</Location>

Answer 2

It turns out that it's not Apache that removed the Authorization header, but some other firewall component in our network.

We changed a setting in the firewall and now the ProxyPass directive above works just fine!