mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 03:46:29 +00:00
Added comments about httpoxy
This commit is contained in:
parent
357d58ad97
commit
fd127517b9
@ -205,11 +205,15 @@ proxy_set_header Connection $proxy_connection;
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||||
|
|
||||||
|
# Mitigate httpoxy attack (see README for details)
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
```
|
```
|
||||||
|
|
||||||
***NOTE***: If you provide this file it will replace the defaults; you may want to check the .tmpl file to make sure you have all of the needed options.
|
***NOTE***: If you provide this file it will replace the defaults; you may want to check the .tmpl file to make sure you have all of the needed options.
|
||||||
|
|
||||||
|
***NOTE***: The default configuration blocks the `Proxy` HTTP request header from being sent to downstream servers. This prevents attackers from using the so-called [httpoxy attack](http://httpoxy.org). There is no legitimate reason for a client to send this header, and there are many vulnerable languages / platforms (`CVE-2016-5385`, `CVE-2016-5386`, `CVE-2016-5387`, `CVE-2016-5388`, `CVE-2016-1000109`, `CVE-2016-1000110`, `CERT-VU#797896`).
|
||||||
|
|
||||||
#### Proxy-wide
|
#### Proxy-wide
|
||||||
|
|
||||||
To add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`.
|
To add settings on a proxy-wide basis, add your configuration file under `/etc/nginx/conf.d` using a name ending in `.conf`.
|
||||||
|
@ -51,6 +51,8 @@ proxy_set_header Connection $proxy_connection;
|
|||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||||
|
|
||||||
|
# Mitigate httpoxy attack (see README for details)
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user