Zabbix Apache configuration doesn't correctly handle authorization headers in some circumstances to allow Nagstamon to access the API for monitoring #1004

@FunPat

https://www.zabbix.com/documentation/7.0/en/manual/installation/known_issues

Authorization header forwarding

In some cases, Apache or NGINX may prevent the Authorization header in API requests from reaching Zabbix. This can cause authentication issues when using Zabbix API or single sign-on (SSO) services, such as SAML with Okta.

To address this, update your web server's configuration.

For Apache, if you are using it as a reverse proxy (non-CGI setup), add the following directive to /etc/httpd/conf/httpd.conf (on RHEL-based systems) or /etc/apache2/apache2.conf (on Debian/Ubuntu):

SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

Tested on:
Apache 2.4+
RedHat 9

Manually adding the SetEnvIfNoCase block as per the above article directly to the end of /etc/httpd/conf/httpd.conf in RedHat-based Apache instances handles authorization headers correctly, as this bypasses the other vhosts; definitely a workaround. It would be good to have this added to the vhosts created by the puppet classes to remove this manual workaround.
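To see which vhosts still lack the directive, the following added example (not part of the original issue or of the puppet module) scans Apache configuration text and lists `<VirtualHost>` blocks without the `SetEnvIfNoCase` line, treating a server-level copy as covering every vhost, as the workaround above reports. The function names and the sample configuration are constructed for illustration.

```python
import re

# The directive quoted from the Zabbix known-issues page; quotes around the
# capture group are optional and matching is case-insensitive, as in Apache.
DIRECTIVE = re.compile(
    r'^\s*SetEnvIfNoCase\s+\^Authorization\$\s+"?\(\.\+\)"?'
    r'\s+HTTP_AUTHORIZATION=\$1\s*$', re.IGNORECASE)
VHOST_OPEN = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.IGNORECASE)
VHOST_CLOSE = re.compile(r'^\s*</VirtualHost>', re.IGNORECASE)

# Constructed sample: one vhost without the directive, one with it.
SAMPLE = '''\
# constructed sample, not a real host's configuration
<VirtualHost *:80>
    ServerName zabbix.example.test
    ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
<VirtualHost *:443>
    ServerName zabbix.example.test
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</VirtualHost>
'''

def audit(config_text):
    """Return (server_level, {vhost_label: has_directive})."""
    server_level, vhosts, current = False, {}, None
    for number, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # Apache comments occupy whole lines
        opened = VHOST_OPEN.match(line)
        if opened:
            # The line number keeps labels unique when addresses repeat.
            current = f"{opened.group(1).strip()} (line {number})"
            vhosts[current] = False
        elif VHOST_CLOSE.match(line):
            current = None
        elif DIRECTIVE.match(line):
            if current is None:
                server_level = True
            else:
                vhosts[current] = True
    return server_level, vhosts

def missing_vhosts(config_text):
    """List vhosts with no directive of their own and no server-level copy."""
    server_level, vhosts = audit(config_text)
    return [] if server_level else [v for v, ok in vhosts.items() if not ok]

if __name__ == "__main__":
    print(missing_vhosts(SAMPLE))
```

Concatenate the main configuration file and any included vhost files into one string before calling `missing_vhosts`, since this sketch does not follow `Include` directives.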
