From 357d58ad9765900a0eb3579177f3fd1d395eaeb1 Mon Sep 17 00:00:00 2001
From: Steve Kamerman <stevekamerman@gmail.com>
Date: Mon, 18 Jul 2016 13:34:37 -0400
Subject: [PATCH] Mitigate httpoxy attack (httpoxy.org,
 CVE-2016-(5385-5388,1000109-1000110)

---
 README.md  | 1 +
 nginx.tmpl | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index b12c9c2..f54cc0b 100644
--- a/README.md
+++ b/README.md
@@ -205,6 +205,7 @@ proxy_set_header Connection $proxy_connection;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header Proxy "";
 ```
 
 ***NOTE***: If you provide this file it will replace the defaults; you may want to check the .tmpl file to make sure you have all of the needed options.
diff --git a/nginx.tmpl b/nginx.tmpl
index eb00afe..19a1274 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -51,6 +51,7 @@ proxy_set_header Connection $proxy_connection;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header Proxy "";
 {{ end }}
 
 server {