From 3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 19 Jul 2016 15:01:05 +0100
Subject: [PATCH] Fix potential HTTPoxy vulnerability

https://httpoxy.org/

Signed-off-by: Michael Tremer
---
 config/httpd/global.conf | 3 +++
 config/rootfiles/core/104/filelists/files | 1 +
 2 files changed, 4 insertions(+)

diff --git a/config/httpd/global.conf b/config/httpd/global.conf
index 3fbd5e2946..6cc69b55ea 100644
--- a/config/httpd/global.conf
+++ b/config/httpd/global.conf
@@ -8,3 +8,6 @@ Include /etc/httpd/conf/hostname.conf
 HostnameLookups off
 AddHandler cgi-script .cgi
 EnableSendfile Off
+
+# Always unset HTTP_PROXY variable, https://httpoxy.org
+RequestHeader unset Proxy early
diff --git a/config/rootfiles/core/104/filelists/files b/config/rootfiles/core/104/filelists/files
index 6679071b23..f23aceae4e 100644
--- a/config/rootfiles/core/104/filelists/files
+++ b/config/rootfiles/core/104/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
 etc/collectd.conf
+etc/httpd/conf/global.conf
 opt/pakfire/lib/functions.sh
 srv/web/ipfire/cgi-bin/ids.cgi
-- 
2.39.5
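Review bot: `RequestHeader unset Proxy early` at the end of global.conf depends on mod_headers, and nothing in this hunk shows that module being loaded; if it is absent, httpd rejects the directive at startup and the web interface would not come back after the update. Confirm that the shipped httpd configuration has a `LoadModule headers_module` line rather than wrapping the directive in `<IfModule mod_headers.c>`, because the guard would silently skip the mitigation. The comment would be more precise as `# Strip the client-supplied Proxy header so CGI scripts never see it as HTTP_PROXY, https://httpoxy.org`. The filelist entry ships the file, but a running httpd only picks the directive up after a restart or reload, which presumably belongs in the core 104 update script outside this diff.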