I had a problem where for some reason my restful services protected by an api key were not working.
I couldn’t understand why mmmm what have I changed, oh yes I updated Apache so lets dig further.
After some debugging I found that the HTTP header variable I was sending was not there …..but hang on I’m sending it in the code I can see it…. variable ‘API_KEY’
I then looked up about the changes in Apache and you never guess what, later apache versions drop invalid header names that contain underscores.
Here is reference for anyone http://httpd.apache.org/docs/trunk/new_features_2_4.html
mod_cgi, mod_include, mod_isapi, … Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)
and we can always look at the standards
http://tools.ietf.org/html/rfc7230#section-3.2 “3.2.6. Field Value Components”
If you want to work around it you can view some pointers provided by apache documents
but, for me I can live with this and simple rename my variables to have a dash instead (API-KEY) phew everything is working again…
Hope that helps.