Httpoxy vulnerability

Affects PHP, more information can be found here:

Can be blocked in NGINX by adding:
fastcgi_param HTTP_PROXY “”;

And in Apache:
RequestHeader unset Proxy early

Hello. Please open an issue on our github repository for tracking this issue. (Things that we really don’t want to forget about are better on github.)

1 Like

Thanks @DrMartin, temporarily patched ‘nginx’ by adding:

fastcgi_param HTTP_PROXY "";

To: /etc/nginx/fastcgi_params file.

@JoshData noticed @yodax provided a patch here then, knowing that’s a security fix about HTTPoxy vulnerability have you plans to merge It to ‘master’ and/or to release a new official release, soon? Thanks in advance.

Thanks for the ping. I’ve left a comment on the github issue & PR.

This topic was automatically closed after 61 days. New replies are no longer allowed.