I have a PHP application which needs to perform HTTP Basic authentication independently of the containing Apache server.

On linux machines, with php installed via apt-get php, I find that the Authorization header does not appear in $_SERVER, but is available via apache_request_headers() or getallheaders().

On a Windows development machine, with Zend Server 6.1.0 / PHP 5.4, I am unable to get the Authorization header value from inside PHP by any of the above methods. How can I get its value?

mod_fcgid?

I haven't been able to determine it for sure, but it seems like Zend Server may use FCGI to dispatch Apache requests to PHP (for example, the variable PHP_FCGI_MAX_REQUESTS appears in $_SERVER).

If that were true, it would explain my problem, as mod_fcgid deliberately witholds the Authorization header from apps, see http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidpassheader

I tried adding

FcgidPassHeader Authorization

to my apache httpd.conf, but it just complained that:

Invalid command 'FcgidPassHeader', perhaps misspelled or defined by a module not included in the server configuration

mod_fastcgi?

Similarly, perhaps Zend is using mod_fastcgi? Based on this page http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html#FastCgiConfig I tried adding the following to my apache httpd.conf:

FastCgiConfig -pass-header Authorization

again, it just complained that:

Invalid command 'FastCgiConfig', perhaps misspelled or defined by a module not included in the server configuration

I found that I can work around this by adding the following to the apache config on Windows:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

This adds a HTTP_AUTHORIZATION key to the $_SERVER global, just as if the Authorization header had been passed through by Apache.