Mitigate env HTTP_PROXY via cgi proxy header
authorGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:43:49 +0000 (16:43 +0100)
committerGrant Slater <git@firefishy.com>
Mon, 18 Jul 2016 15:44:17 +0000 (16:44 +0100)
cookbooks/tile/templates/default/apache.erb
cookbooks/web/templates/default/apache.frontend.erb

index 66d9dd83709253b541e0ba9e0907b329b2ce2a62..4fcbf9b478a16d66b08a8d4710d823fd7c7c385b 100644 (file)
@@ -30,6 +30,9 @@
   # will always work and can be cached
   Header set Access-Control-Allow-Origin "*"
 
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
   # Enable the rewrite engine
   RewriteEngine on
 
index 1a3f9cfa3830cf2f66118b6f26fff56e61a6c0c3..ad5158d5e0d44961c0df837f29cbe89ee5830413 100644 (file)
   #
   RequestHeader set X-Request-Id %{UNIQUE_ID}e
 
+  #
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  #
+  RequestHeader unset Proxy early
+
   #
   # Block troublesome GPX data scrapping
   #