I'm not sure where the best place for this is, so I'm "guessing" here...

I'm trying to implement HTTP Basic Authentication from a PHP script. I want to check login from the database and do some other housekeeping. According to documentation, this should work:

PHP: HTTP authentication with PHP - Manual

But unfortunately, I'm not running PHP as an Apache module, but as FPM/FastCGI. I've confirmed the proper headers are in the request, but they don't come through. (I know my .htaccess file is being used because I am re-routing requests to my auth.php file.) The docs suggest the following changes to the .htaccess file (2 separate workarounds) to get the info in the script (and then I'd have to do some coding to break it apart, etc., but that won't be a problem):

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

This didn't work, I'm not getting the information in the script. So I tried the second workaround:

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]

but that didn't work either. My suspicion is that Apache is configured to whitelist only a small set of headers, but I know almost nothing about that side. Anybody have an idea of what else I could try?
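
An added example, not part of the original post: the "break it apart" step for a raw Basic header once one of the two workarounds has delivered it to the script. The function names are hypothetical, the sample credentials are constructed, and the `REDIRECT_`-prefixed keys are included on the assumption that the request passed through an internal mod_rewrite redirect, after which Apache renames environment variables with that prefix.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

/** Locate the raw header in the variables the two workarounds can populate. */
function find_authorization_header(array $server): ?string
{
    $candidates = [
        'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', // SetEnvIf workaround
        'REMOTE_USER', 'REDIRECT_REMOTE_USER',               // RewriteRule workaround
    ];
    foreach ($candidates as $key) {
        if (!empty($server[$key])) {
            return $server[$key];
        }
    }
    return null;
}

/** Return [user, password] from "Basic <base64>", or null if malformed. */
function parse_basic_auth(?string $header): ?array
{
    if ($header === null || !preg_match('/^Basic\s+(\S+)\s*$/i', $header, $m)) {
        return null;                       // header absent or not the Basic scheme
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects non-base64 input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password itself may contain ':'.
    return explode(':', $decoded, 2);
}

// Constructed sample standing in for $_SERVER under FPM/FastCGI.
$sample = [
    'REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cr:et'),
];
$creds = parse_basic_auth(find_authorization_header($sample));

if ($creds === null) {
    // No usable credentials: challenge the client instead of failing open.
    header('WWW-Authenticate: Basic realm="example"');
    http_response_code(401);
    exit;
}
[$user, $password] = $creds;
// Check $user and $password against the database here.
```

In a real script, pass `$_SERVER` instead of `$sample`; dumping `$_SERVER` once also shows which of the four keys, if any, the server actually sets.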