dev: Mitigate env HTTP_PROXY via cgi proxy header
authorGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 16:04:24 +0000 (17:04 +0100)
committerGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 16:04:24 +0000 (17:04 +0100)
cookbooks/dev/templates/default/apache.phppgadmin.erb
cookbooks/dev/templates/default/apache.user.erb

index b6a7f9197284ee5de56b7ca83464cac08a97471f..bf3d0b5c73012fda93b3ae8a54ad98b25bae249f 100644 (file)
@@ -9,6 +9,9 @@
 
        DocumentRoot /usr/share/phppgadmin
 
+       # Remove Proxy request header to mitigate https://httpoxy.org/
+       RequestHeader unset Proxy early
+
        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
        ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
        ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
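Review bot: `RequestHeader` is provided by mod_headers, and nothing in this hunk guarantees the module is loaded, so on a host where it is not enabled Apache would reject the configuration at this line; the same applies to the identical addition in apache.user.erb. If the dev recipe does not already enable the headers module (not visible here), it should do so before this template is rendered. The enclosing virtual host block starts and ends outside the hunk. The comment could also state the mechanism, e.g. `# CGI/FastCGI exposes the client's Proxy header as HTTP_PROXY, which HTTP client libraries read as proxy configuration`, so the line still explains itself if the URL stops resolving.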
index f6afd675d0ee873595ce4872e06be6fbc0ff86a1..37ba4e460d3281bc73c9156ecf9dbbc617b15e6f 100644 (file)
@@ -7,6 +7,9 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        ServerAdmin webmaster@openstreetmap.org
        ServerAlias <%= @user %>.dev.osm.org
 
+       # Remove Proxy request header to mitigate https://httpoxy.org/
+       RequestHeader unset Proxy early
+
        UseCanonicalName Off
        DocumentRoot <%= @directory %>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
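Review bot: The unset is added per virtual-host template, so any other vhost on the same server that hands requests to CGI or FastCGI code keeps passing the `Proxy` header through unless its template gets the same two lines. Only two templates are touched in this commit and the rest of the cookbook is not visible, so this may already be covered. If it is not, a single `RequestHeader unset Proxy early` in the server-wide configuration would cover every vhost, including the `/cgi-bin/` ScriptAlias at the end of this hunk. A simple post-deployment check is to send a request carrying a constructed `Proxy: proxy.invalid:8080` header to a script that prints its environment and confirm `HTTP_PROXY` is absent.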