My main application uses a Tomcat for the frontend. To bind my domain to it, I use apache for it.
I also have setup a extra authentication through apache for some sites, so only the staff can access them and they are ip restricted. To prevent that the apache authentication does not get forwared to the tomcat, I put RequestHeader unset Authorization in my config. Until now everything works great.
Now I implemented a rest api with oauth2. This uses the Authorization Header too, but apache removes it.
Is there a way to not forward the apache authentication to the tomcat? But keep the application authentication in the header?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
