From 58604212ecc32d8e159b22838bd314de3e8b3f86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Thu, 28 Jul 2016 12:25:34 +0200
Subject: [PATCH] Mitigate the httpoxy vulnerability https://httpoxy.org
---
 .../kosmos-mediawiki/templates/default/nginx.conf.erb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
index 8e8c009..0154d5f 100644
--- a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
@@ -25,6 +25,9 @@ server {
 include fastcgi_params;
 fastcgi_pass 127.0.0.1:9002;
 fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
+ # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
+ # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+ fastcgi_param HTTP_PROXY "";
 }

 ssl_certificate <%= @ssl_cert %>;
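Review bot: The added `fastcgi_param HTTP_PROXY "";` covers only the one FastCGI location in this hunk. nginx does not inherit `fastcgi_param` from an outer level into a block that defines its own, so any other `fastcgi_pass` block in this template or in other cookbook templates needs the same line; for `proxy_pass` backends the equivalent is `proxy_set_header Proxy "";`. The comment says the parameter is removed, but the directive overrides it with an empty value, so I would word it as `# Blank the HTTP_PROXY param that is built from the client's Proxy request header (httpoxy)`. The location block opens before the hunk, so which requests it matches cannot be confirmed from here.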