Mitigate env HTTP_PROXY via cgi proxy header
authorGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:43:49 +0000 (16:43 +0100)
committerGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:44:17 +0000 (16:44 +0100)
cookbooks/tile/templates/default/apache.erb
cookbooks/web/templates/default/apache.frontend.erb

index 66d9dd8..4fcbf9b 100644 (file)
@@ -30,6 +30,9 @@
   # will always work and can be cached
   Header set Access-Control-Allow-Origin "*"
 
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
   # Enable the rewrite engine
   RewriteEngine on
 
index 1a3f9cf..ad5158d 100644 (file)
   #
   RequestHeader set X-Request-Id %{UNIQUE_ID}e
 
+  #
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  #
+  RequestHeader unset Proxy early
+
   #
   # Block troublesome GPX data scrapping
   #