Apache + fast CGI issues

  • Hi, I am using apache 2.4 plus PHP-FPM setup.

    This setup has some issues with basic authentication headers that are cut by Apache and PHP knows nothing about auth attempts. I guess all FastCGI modes are behaving similar.

    My solution after some hours of research is:
    – setup this in the .htaccess file, in order to pass the authorization header directly to PHP

    # BEGIN WordPress
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
...

    Then in your Application_Passwords class I had to edit like this:

    	public static function rest_api_auth_handler( $input_user ){
		// Don't authenticate twice
		if ( ! empty( $input_user ) ) {
			return $input_user;
		}

		if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
		{
			list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
		}
		
		// Check that we're trying to authenticate
		if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
			return $input_user;
		}
...
Viewing 1 replies (of 1 total)
  • Thread Starter Richard Vencu

    (@rvencu)

    So it may be nice if you include code to treat this kind of setup so updating the module would not become a nightmare in the future.

Viewing 1 replies (of 1 total)
  • The topic ‘Apache + fast CGI issues’ is closed to new replies.