From 8a00b244aa42df10688a5b761426f69b7e83f562 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Mon, 18 Jul 2016 16:43:49 +0100
Subject: [PATCH] Mitigate env HTTP_PROXY via cgi proxy header

---
 cookbooks/tile/templates/default/apache.erb         | 3 +++
 cookbooks/web/templates/default/apache.frontend.erb | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index 66d9dd837..4fcbf9b47 100644
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -30,6 +30,9 @@
   # will always work and can be cached
   Header set Access-Control-Allow-Origin "*"
 
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
   # Enable the rewrite engine
   RewriteEngine on
 
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 1a3f9cfa3..ad5158d5e 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -35,6 +35,11 @@
   #
   RequestHeader set X-Request-Id %{UNIQUE_ID}e
 
+  #
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  #
+  RequestHeader unset Proxy early
+
   #
   # Block troublesome GPX data scrapping
   #
-- 
2.43.2