Mitigate env HTTP_PROXY via cgi proxy header

author Grant Slater <git@firefishy.com>

Mon, 18 Jul 2016 15:43:49 +0000 (16:43 +0100)

committer Grant Slater <git@firefishy.com>

Mon, 18 Jul 2016 15:44:17 +0000 (16:44 +0100)
author Grant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:43:49 +0000 (16:43 +0100)
committer Grant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:44:17 +0000 (16:44 +0100)
diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb

index 66d9dd83709253b541e0ba9e0907b329b2ce2a62..4fcbf9b478a16d66b08a8d4710d823fd7c7c385b 100644 (file)
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -30,6 +30,9 @@
    # will always work and can be cached
    Header set Access-Control-Allow-Origin "*"
  
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
    # Enable the rewrite engine
    RewriteEngine on
  
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb

index 1a3f9cfa3830cf2f66118b6f26fff56e61a6c0c3..ad5158d5e0d44961c0df837f29cbe89ee5830413 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -35,6 +35,11 @@
    #
    RequestHeader set X-Request-Id %{UNIQUE_ID}e
  
+  #
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  #
+  RequestHeader unset Proxy early
+
    #
    # Block troublesome GPX data scrapping
    #
author	Grant Slater <git@firefishy.com>
	Mon, 18 Jul 2016 15:43:49 +0000 (16:43 +0100)
committer	Grant Slater <git@firefishy.com>
	Mon, 18 Jul 2016 15:44:17 +0000 (16:44 +0100)
cookbooks/tile/templates/default/apache.erb		patch \| blob \| history
cookbooks/web/templates/default/apache.frontend.erb		patch \| blob \| history