How do i configure Apache to ensure that: * it enables any user if Authorization header is not set * if Authorization header is placed, it takes valid user.

Quite simply, to ensure that request handler could be utilized by anybody but always will easily notice exactly whether it's utilized by approved user or other people (while Apache handles the authorization process).