From 13d93b0c9ef6c839d0ee550ded6e845a4a827fc9 Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Mon, 18 Jul 2016 17:04:24 +0100
Subject: [PATCH 1/1] dev: Mitigate env HTTP_PROXY via cgi proxy header
---
 cookbooks/dev/templates/default/apache.phppgadmin.erb | 3 +++
 cookbooks/dev/templates/default/apache.user.erb | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/cookbooks/dev/templates/default/apache.phppgadmin.erb b/cookbooks/dev/templates/default/apache.phppgadmin.erb
index b6a7f9197..bf3d0b5c7 100644
--- a/cookbooks/dev/templates/default/apache.phppgadmin.erb
+++ b/cookbooks/dev/templates/default/apache.phppgadmin.erb
@@ -9,6 +9,9 @@
 DocumentRoot /usr/share/phppgadmin
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
 ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
 ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
 ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:7000/usr/share/phppgadmin
diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index f6afd675d..37ba4e460 100644
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -7,6 +7,9 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
 ServerAdmin webmaster@openstreetmap.org
 ServerAlias <%= @user %>.dev.osm.org
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
 UseCanonicalName Off
 DocumentRoot <%= @directory %>
 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-- 
2.39.5
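Review bot: `RequestHeader unset Proxy early` in apache.phppgadmin.erb (and the identical addition in apache.user.erb) only works when mod_headers is loaded, and nothing in this patch shows the dev recipe enabling that module, so confirm it is enabled alongside these templates. If the module is missing Apache rejects the directive at config test, which is the safer failure; wrapping the line in `<IfModule mod_headers.c>` to avoid that would make the mitigation vanish without any error. The header is stripped only inside the vhost blocks these two templates generate, and both blocks start and end outside the hunks, so any further vhost in the same templates (an HTTPS one, if present) and CGI/FastCGI vhosts from other cookbooks would still hand `Proxy` to the backend as `HTTP_PROXY`. A single server-wide `RequestHeader unset Proxy early` in the shared Apache configuration would cover all of them, with these per-vhost lines kept as a second layer.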