Mitigate the httpoxy vulnerability

https://httpoxy.org
2016-07-28 12:25:34 +02:00 · 2016-07-28 12:25:34 +02:00 · 58604212ec
commit 58604212ec
parent e7f10a98b6
1 changed files with 3 additions and 0 deletions
--- a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
@ -25,6 +25,9 @@ server {
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9002;
                fastcgi_param  SCRIPT_FILENAME  <%= @docroot %>$fastcgi_script_name;
+                # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
+                # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+                fastcgi_param HTTP_PROXY "";
        }

        ssl_certificate <%= @ssl_cert %>;