logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: httpoxy vulnerability
Author
Jan-E



Joined: 09 Mar 2012
Posts: 1248
Location: Amsterdam, NL, EU

PostPosted: Tue 19 Jul '16 1:02    Post subject: httpoxy vulnerability Reply with quote

Retweets by Apachelounge showed me there is a vulnerability for Apache and CGI-programs. I will let the links speak for themselves:

https://httpoxy.org/
https://www.apache.org/security/asf-httpoxy-response.txt
Back to top
C0nw0nk



Joined: 07 Oct 2013
Posts: 241
Location: United Kingdom, London

PostPosted: Tue 19 Jul '16 1:35    Post subject: Reply with quote

The fix is simple and easy to implement.

https://httpoxy.org/

Nginx : (I suggest /conf/fastcgi_params file depends on your CGI setup if you include that file or not.)
Code:
fastcgi_param HTTP_PROXY "";


If you use Nginx as a proxy to forward to Apache i recommend you put this in your http {} location config of Nginx.
Code:
proxy_set_header Proxy "";


Apache :
Code:
RequestHeader unset Proxy early
Back to top


Reply to topic   Topic: httpoxy vulnerability View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout