From a38f2b21a14654ac402c6a5b2f3d520abd5a46ab Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes <aledbf@gmail.com>
Date: Wed, 20 Jul 2016 09:55:46 -0400
Subject: [PATCH] Mitigate HTTPoxy Vulnerability

---
 controllers/nginx/nginx.tmpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/controllers/nginx/nginx.tmpl b/controllers/nginx/nginx.tmpl
index e72eb4f6f9..d3aeb2b474 100644
--- a/controllers/nginx/nginx.tmpl
+++ b/controllers/nginx/nginx.tmpl
@@ -241,6 +241,10 @@ http {
             proxy_set_header X-Forwarded-Port       $server_port;
             proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
 
+            # mitigate HTTPoxy Vulnerability
+            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+            proxy_set_header Proxy                  "";
+
             proxy_connect_timeout                   {{ $cfg.proxyConnectTimeout }}s;
             proxy_send_timeout                      {{ $cfg.proxySendTimeout }}s;
             proxy_read_timeout                      {{ $cfg.proxyReadTimeout }}s;