From 90835233de0db66d2e2410c1dc7b1363cca999bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Thu, 28 Jul 2016 12:30:13 +0200
Subject: [PATCH] Mitigate httpoxy https://httpoxy.org
---
 .../kosmos-wordpress/templates/default/nginx.conf.erb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
index b530bdb..7c9c86e 100644
--- a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
@@ -29,6 +29,9 @@ server {
 include fastcgi_params;
 fastcgi_pass 127.0.0.1:9001;
 fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
+ # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
+ # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+ fastcgi_param HTTP_PROXY "";
 }
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
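Review bot: The blanked `HTTP_PROXY` protects only the FastCGI block this hunk touches, and that block's opening line is outside the hunk, so it cannot be confirmed from here that every `fastcgi_pass` in the template is covered. nginx inherits `fastcgi_param` from an outer level only when the inner level defines none of its own, so any other location that sets its own params, or any other template that hands requests to PHP-FPM, would need the same `fastcgi_param HTTP_PROXY "";` line or a shared include that carries it. The added comment says the parameter is removed, whereas the directive sets it to an empty string; wording such as `# Blank HTTP_PROXY so a client-sent Proxy: header never reaches PHP as a proxy setting (httpoxy)` would match what the line does and explain why it must stay after `include fastcgi_params;`.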