Fix potential HTTPoxy vulnerability

https://httpoxy.org/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2016-07-19 15:01:05 +01:00
parent 71f578bbfc
commit 3b7d73d1d4
2 changed files with 4 additions and 0 deletions
--- a/config/httpd/global.conf
+++ b/config/httpd/global.conf
@@ -8,3 +8,6 @@ Include /etc/httpd/conf/hostname.conf
 HostnameLookups off
 AddHandler cgi-script .cgi
 EnableSendfile Off
+
+# Always unset HTTP_PROXY variable, https://httpoxy.org
+RequestHeader unset Proxy early
--- a/config/rootfiles/core/104/filelists/files
+++ b/config/rootfiles/core/104/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
 etc/collectd.conf
+etc/httpd/conf/global.conf
 opt/pakfire/lib/functions.sh
 srv/web/ipfire/cgi-bin/ids.cgi