Fix potential HTTPoxy vulnerability

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 19 Jul 2016 14:01:05 +0000 (15:01 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 19 Jul 2016 14:02:16 +0000 (15:02 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 19 Jul 2016 14:01:05 +0000 (15:01 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 19 Jul 2016 14:02:16 +0000 (15:02 +0100)
diff --git a/config/httpd/global.conf b/config/httpd/global.conf

index 3fbd5e2946d9b36a7d225510e79715b9095a73b5..6cc69b55eaab1b4223c0bb26870be73eb2f6ee40 100644 (file)
--- a/config/httpd/global.conf
+++ b/config/httpd/global.conf
@@ -8,3 +8,6 @@ Include /etc/httpd/conf/hostname.conf
  HostnameLookups off
  AddHandler cgi-script .cgi
  EnableSendfile Off
+
+# Always unset HTTP_PROXY variable, https://httpoxy.org
+RequestHeader unset Proxy early
diff --git a/config/rootfiles/core/104/filelists/files b/config/rootfiles/core/104/filelists/files

index 6679071b23f8d0639e77121fd66df20fc619ef91..f23aceae4ec2e125242b93733f2046ae88e3ff28 100644 (file)
--- a/config/rootfiles/core/104/filelists/files
+++ b/config/rootfiles/core/104/filelists/files
@@ -1,5 +1,6 @@
  etc/system-release
  etc/issue
  etc/collectd.conf
+etc/httpd/conf/global.conf
  opt/pakfire/lib/functions.sh
  srv/web/ipfire/cgi-bin/ids.cgi
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 19 Jul 2016 14:01:05 +0000 (15:01 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 19 Jul 2016 14:02:16 +0000 (15:02 +0100)
config/httpd/global.conf		patch \| blob \| blame \| history
config/rootfiles/core/104/filelists/files		patch \| blob \| blame \| history