From: Grant Slater <git@firefishy.com>
Date: Mon, 18 Jul 2016 16:06:09 +0000 (+0100)
Subject: munin: Mitigate env HTTP_PROXY via cgi proxy header
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/752fbabf060f31db7de3f03d632bc047baba5087

munin: Mitigate env HTTP_PROXY via cgi proxy header
---

diff --git a/cookbooks/munin/templates/default/apache.erb b/cookbooks/munin/templates/default/apache.erb
index 141d2a50f..15c5009e6 100644
--- a/cookbooks/munin/templates/default/apache.erb
+++ b/cookbooks/munin/templates/default/apache.erb
@@ -15,6 +15,9 @@
 	Alias /static/ /etc/munin/static/
 	ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
 
+	# Remove Proxy request header to mitigate https://httpoxy.org/
+	RequestHeader unset Proxy early
+
 	RewriteEngine on
 	RewriteCond %{REQUEST_URI} !^/static/
 	RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]