Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigating Httpoxy #835

Merged
merged 3 commits into from
Jul 22, 2016
Merged

Mitigating Httpoxy #835

merged 3 commits into from
Jul 22, 2016

Conversation

marcofl
Copy link
Contributor

@marcofl marcofl commented Jul 22, 2016

Should possibly go together with https://github.com/jfryman/puppet-nginx/compare/httpoxy-test
If you guys are already working on a httpoxy fix, just reject this pull request.
Thanks.

@dasrecht
Copy link

Looks good to me 👍

@abrander abrander mentioned this pull request Jul 22, 2016
Closed
@FlorianSW
Copy link
Contributor

Looks good to me 👌

@jfryman
Copy link
Contributor

jfryman commented Jul 22, 2016

Stellar. Tyvm for the code!

@jfryman jfryman merged commit fca0c6c into voxpupuli:master Jul 22, 2016
@marcofl marcofl deleted the httpoxy branch July 22, 2016 16:25
@dominics
Copy link

dominics commented Aug 3, 2017
edited
Loading

Note that this fix was reverted as part of #862

That seems to be because Nginx recommend overriding the header just for PHP requests (https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/#connecting-nginx-to-php-fpm) - not a great solution IMO considering there is exactly zero legitimate use for a Proxy header in HTTP.

Upshot is that when people upgrade to 0.7.0 of this library, their mitigation will come undone.

@dominics dominics mentioned this pull request Aug 3, 2017
Open
Slm0n87 pushed a commit to Slm0n87/puppet-nginx that referenced this pull request Mar 7, 2019
@jfryman
Merge pull request voxpupuli#835 from vshn/httpoxy
e733e63 
Mitigating Httpoxy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@marcofl @dasrecht @FlorianSW @jfryman @dominics @3flex