From: Grant Slater
Date: Mon, 18 Jul 2016 16:04:24 +0000 (+0100)
Subject: dev: Mitigate env HTTP_PROXY via cgi proxy header
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/13d93b0c9ef6c839d0ee550ded6e845a4a827fc9
dev: Mitigate env HTTP_PROXY via cgi proxy header
---
diff --git a/cookbooks/dev/templates/default/apache.phppgadmin.erb b/cookbooks/dev/templates/default/apache.phppgadmin.erb
index b6a7f9197..bf3d0b5c7 100644
--- a/cookbooks/dev/templates/default/apache.phppgadmin.erb
+++ b/cookbooks/dev/templates/default/apache.phppgadmin.erb
@@ -9,6 +9,9 @@ DocumentRoot /usr/share/phppgadmin + # Remove Proxy request header to mitigate https://httpoxy.org/ + RequestHeader unset Proxy early + ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index f6afd675d..37ba4e460 100644
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -7,6 +7,9 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit ServerAdmin webmaster@openstreetmap.org ServerAlias <%= @user %>.dev.osm.org + # Remove Proxy request header to mitigate https://httpoxy.org/ + RequestHeader unset Proxy early + UseCanonicalName Off DocumentRoot <%= @directory %> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
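Review bot: The added `RequestHeader unset Proxy early` in the apache.phppgadmin.erb hunk (and the identical line in the apache.user.erb hunk) needs mod_headers, and nothing visible in this commit makes the dev recipe enable that module; if it is not already loaded, Apache will reject the directive and these sites will not start. Enabling the module in the recipe is the fix to prefer, since wrapping the line in `<IfModule headers_module>` would drop the mitigation silently. The mitigation is also applied per template, so any other vhost that hands requests to CGI or FastCGI handlers stays exposed unless it gets the same line; a single server-wide `RequestHeader unset Proxy early` would be harder to miss. The comment could also say why the header is dangerous, e.g. `# CGI and FastCGI pass the client's Proxy header to the application as HTTP_PROXY (httpoxy)`. The enclosing virtual host blocks start and end outside both hunks, so the surrounding directives were not reviewed.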