I have an HTTP Basic secured website. I hide a Tomcat application server with mod_proxy. Can I remove the HTTP Basic header? The Tomcat application reads the header and returns 401 not authorized. Basic auth is not needed since the application uses cookie sessions. So I think just removing the headers would be fine.
Any ideas if that's possible?
Make sure mod_headers is enabled. An example config:
<VirtualHost *:80>
    ServerName something.example.com
    ServerAdmin firstname.lastname@example.org

    ProxyRequests Off
    ProxyPreserveHost Off
    AllowEncodedSlashes On
    KeepAlive Off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # Apache itself enforces Basic auth for every path
    <Location />
        AuthType Basic
        AuthName "Authorized Users Only"
        AuthUserFile /etc/apache2/passwd
        Require valid-user
    </Location>

    # Strip the Authorization header before the request is proxied (needs mod_headers)
    RequestHeader unset Authorization

    ProxyPass / http://localhost:5984/
    ProxyPassReverse / http://localhost:5984/

    ErrorLog /var/log/apache2/something.example.com-error_log
    CustomLog /var/log/apache2/something.example.com-access_log common
</VirtualHost>
Hey, I just had exactly the same trouble with Apache in front of another Java server attempting to do basic auth; adding the following to my Apache conf appeared to fix it:
RequestHeader unset Authorization
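To check that the header really is stripped before it reaches the backend, here is an added example (not part of the original answers): a stand-in backend that reports whether an Authorization header arrived, plus a client that sends Basic credentials. The names HeaderRecorder, start_backend and backend_saw_authorization and the sample credentials are constructed for illustration.

```python
import base64
import http.server
import threading
import urllib.request


class HeaderRecorder(http.server.BaseHTTPRequestHandler):
    """Stand-in backend: tells the caller whether Authorization reached it."""

    def do_GET(self):
        leaked = self.headers.get("Authorization") is not None
        body = b"authorization-present" if leaked else b"authorization-absent"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the console quiet


def start_backend(port=0):
    """Listen on 127.0.0.1; port 0 picks a free port (use the ProxyPass port for a real check)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", port), HeaderRecorder)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def backend_saw_authorization(url, user=None, password=None):
    """Request url, optionally with Basic credentials; True if the backend received them."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    # Ignore http_proxy/https_proxy from the environment so the request goes where we point it.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return resp.read() == b"authorization-present"


if __name__ == "__main__":
    backend = start_backend()
    direct = f"http://127.0.0.1:{backend.server_address[1]}/"
    # Constructed credentials; talking to the backend directly, the header gets through.
    print("direct:", backend_saw_authorization(direct, "alice", "constructed-pw"))
    backend.shutdown()
```

For a real check, start the backend on the port ProxyPass targets and call backend_saw_authorization with the Apache URL and a valid user; it should return False once RequestHeader unset Authorization is in effect.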