HTTP Basic Auth question

Francis Daly francis at
Thu May 9 22:24:46 UTC 2013

On Thu, May 09, 2013 at 12:55:22PM -0700, Russ Lavoy wrote:

Hi there,

> I have tried the following configuration which does not seem to work at all.
> proxy_hide_header Authorization;
> proxy_set_header Authorization "$remote_user";|

What did you do; what did you see; what did you expect to see?

> I can still sniff the traffic on lo and get the base64 user:pass.  The interesting thing is I do not see the Authorization header being sent to the django app whatsoever.  Is there a way I can totally remove the header even at the loop back level so it is not able to get intercepted?

I don't understand what it is that you are trying to do, that you have
not yet done.

You seem to say that you do see the Authorization header and that you
don't see the Authorization header, so I presume I'm misreading something.

Can you provide a simple nginx configuration that I can use to replicate
whatever the problem is?

Francis Daly        francis at

More information about the nginx mailing list