From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 19 Jul 2016 14:01:05 +0000 (+0100)
Subject: Fix potential HTTPoxy vulnerability
X-Git-Tag: v2.19-core104~21
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1

Fix potential HTTPoxy vulnerability

https://httpoxy.org/

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/httpd/global.conf b/config/httpd/global.conf
index 3fbd5e2946..6cc69b55ea 100644
--- a/config/httpd/global.conf
+++ b/config/httpd/global.conf
@@ -8,3 +8,6 @@ Include /etc/httpd/conf/hostname.conf
 HostnameLookups off
 AddHandler cgi-script .cgi
 EnableSendfile Off
+
+# Always unset HTTP_PROXY variable, https://httpoxy.org
+RequestHeader unset Proxy early
diff --git a/config/rootfiles/core/104/filelists/files b/config/rootfiles/core/104/filelists/files
index 6679071b23..f23aceae4e 100644
--- a/config/rootfiles/core/104/filelists/files
+++ b/config/rootfiles/core/104/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
 etc/collectd.conf
+etc/httpd/conf/global.conf
 opt/pakfire/lib/functions.sh
 srv/web/ipfire/cgi-bin/ids.cgi