From: Grant Slater <git@firefishy.com>
Date: Mon, 18 Jul 2016 15:43:49 +0000 (+0100)
Subject: Mitigate env HTTP_PROXY via cgi proxy header
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/8a00b244aa42df10688a5b761426f69b7e83f562

Mitigate env HTTP_PROXY via cgi proxy header
---

diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index 66d9dd837..4fcbf9b47 100644
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -30,6 +30,9 @@
   # will always work and can be cached
   Header set Access-Control-Allow-Origin "*"
 
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
   # Enable the rewrite engine
   RewriteEngine on
 
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 1a3f9cfa3..ad5158d5e 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -35,6 +35,11 @@
   #
   RequestHeader set X-Request-Id %{UNIQUE_ID}e
 
+  #
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  #
+  RequestHeader unset Proxy early
+
   #
   # Block troublesome GPX data scrapping
   #