logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



httpoxy vulnerability

 
Post new topic   Reply to topic    Apache Forum Index -> News & Hangout



View previous topic :: View next topic  
Author Message
Jan-E



Joined: 09 Mar 2012
Posts: 794
Location: Amsterdam, NL, EU

PostPosted: Tue 19 Jul '16 1:02    Post subject: httpoxy vulnerability Reply with quote

Retweets by Apachelounge showed me there is a vulnerability for Apache and CGI-programs. I will let the links speak for themselves:

https://httpoxy.org/
https://www.apache.org/security/asf-httpoxy-response.txt
Back to top
C0nw0nk



Joined: 07 Oct 2013
Posts: 241
Location: United Kingdom, London

PostPosted: Tue 19 Jul '16 1:35    Post subject: Reply with quote

The fix is simple and easy to implement.

https://httpoxy.org/

Nginx : (I suggest /conf/fastcgi_params file depends on your CGI setup if you include that file or not.)
Code:
fastcgi_param HTTP_PROXY "";


If you use Nginx as a proxy to forward to Apache i recommend you put this in your http {} location config of Nginx.
Code:
proxy_set_header Proxy "";


Apache :
Code:
RequestHeader unset Proxy early
Back to top


Post new topic   Reply to topic    Apache Forum Index -> News & Hangout
Page 1 of 1