Various Apache modules can strip “Authorization: Basic base64(user:passwd)” header.

The following solution found on the internet is wrong, because it will set $_SERVER[‘REDIRECT_HTTP_AUTHORIZATION’] and not the required $_SERVER[‘HTTP_AUTHORIZATION’]:

RewriteRule .* index.php [QSA,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

The proper solution is to pass the required header directly to PHP backend via the env:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Add this line to .httaccess or to <VirtualHost> of httpd.conf, don’t forget that the latter requires restarting Apache.