Mitigate httpoxy

https://httpoxy.org
2016-07-28 12:30:13 +02:00 · 2016-07-28 12:30:13 +02:00 · 90835233de
commit 90835233de
parent 58604212ec
1 changed files with 3 additions and 0 deletions
--- a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
@ -29,6 +29,9 @@ server {
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9001;
                fastcgi_param  SCRIPT_FILENAME  <%= @docroot %>$fastcgi_script_name;
+                # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
+                # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+                fastcgi_param HTTP_PROXY "";
        }

        <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>