diff --git a/templates/etc/varnish.vcl.hbs b/templates/etc/varnish.vcl.hbs
index 14961db..40d0b27 100644
--- a/templates/etc/varnish.vcl.hbs
+++ b/templates/etc/varnish.vcl.hbs
@@ -118,8 +118,10 @@ sub vcl_backend_fetch {
 
   # Restore the original Authorization header we temporarily moved in vcl_recv
   # to allow for caching of some requests with Authorization headers.
-  set bereq.http.Authorization = bereq.http.X-Api-Umbrella-Orig-Authorization;
-  unset bereq.http.X-Api-Umbrella-Orig-Authorization;
+  if(bereq.http.X-Api-Umbrella-Orig-Authorization) {
+    set bereq.http.Authorization = bereq.http.X-Api-Umbrella-Orig-Authorization;
+    unset bereq.http.X-Api-Umbrella-Orig-Authorization;
+  }
 }
 
 sub vcl_backend_response {
diff --git a/test/integration/proxying.js b/test/integration/proxying.js
index cd4fb59..c5b5510 100644
--- a/test/integration/proxying.js
+++ b/test/integration/proxying.js
@@ -1227,4 +1227,33 @@ describe('proxying', function() {
       ], done);
     });
   });
+
+  describe('http basic auth', function() {
+    it('passes the original http basic auth headers to the api backend', function(done) {
+      request.get('http://foo:bar@localhost:9080/info/', this.options, function(error, response, body) {
+        var data = JSON.parse(body);
+        data.basic_auth_username.should.eql('foo');
+        data.basic_auth_password.should.eql('bar');
+        done();
+      });
+    });
+
+    it('passes http basic auth added at the proxy layer to the api backend', function(done) {
+      request.get('http://localhost:9080/add-auth-header/info/', this.options, function(error, response, body) {
+        var data = JSON.parse(body);
+        data.basic_auth_username.should.eql('somebody');
+        data.basic_auth_password.should.eql('secret');
+        done();
+      });
+    });
+
+    it('replaces http basic auth headers passed by the client when the api backend forces its own http basic auth', function(done) {
+      request.get('http://foo:bar@localhost:9080/add-auth-header/info/', this.options, function(error, response, body) {
+        var data = JSON.parse(body);
+        data.basic_auth_username.should.eql('somebody');
+        data.basic_auth_password.should.eql('secret');
+        done();
+      });
+    });
+  });
 });