From 48753b3f1b60825e659135bcd2818d6e5142c398 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Wed, 20 Jul 2016 09:55:46 -0400 Subject: [PATCH] Mitigate HTTPoxy Vulnerability --- ingress/controllers/nginx/nginx.tmpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ingress/controllers/nginx/nginx.tmpl b/ingress/controllers/nginx/nginx.tmpl index e72eb4f6f9..d3aeb2b474 100644 --- a/ingress/controllers/nginx/nginx.tmpl +++ b/ingress/controllers/nginx/nginx.tmpl @@ -241,6 +241,10 @@ http { proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $pass_access_scheme; + # mitigate HTTPoxy Vulnerability + # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/ + proxy_set_header Proxy ""; + proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s; proxy_send_timeout {{ $cfg.proxySendTimeout }}s; proxy_read_timeout {{ $cfg.proxyReadTimeout }}s;