I've got a http fundamental guaranteed website. I hide a tomcat application server with mod_proxy. Can One take away the http fundamental header? The tomcat application reads the header and returns 401 not approved. Fundamental auth is not needed since the application uses cookie periods. And So I think just getting rid of the headers could be fine.

Any ideas if that's possible?



Make certain mod_headers is enabled. A good example config:

<VirtualHost *:80>
        ServerName something.example.com
        ServerAdmin admin@example.com

        ProxyRequests Off
        ProxyPreserveHost Off
        AllowEncodedSlashes On
        KeepAlive Off

        <Proxy *>
            Order deny,allow
            Allow from all

        <Location />
                AuthType Basic
                AuthName "Authorized Users Only"
                AuthUserFile /etc/apache2/passwd
                Require valid-user

        RequestHeader unset Authorization
        ProxyPass / http://localhost:5984/ example
        ProxyPassReverse / http://localhost:5984/

        ErrorLog /var/log/apache2/something.example.com-error_log
        CustomLog /var/log/apache2/something.example.com-access_log common

Hey I simply had exactly the same trouble with Apache before another Java server attempting to do fundamental auth, adding the next to my Apache conf appeared to repair it:

RequestHeader unset Authorization