* Include PR#11 from @kkomelin about CGI var vuln.

swarad07 · Jul 21, 2016 · a7e8dad · a7e8dad
1 parent ba5ca3f
commit a7e8dad
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/fastcgi_params b/fastcgi_params
@@ -30,3 +30,6 @@ fastcgi_param REDIRECT_STATUS 200;
 fastcgi_param HTTPS $fastcgi_https if_not_empty;
 ## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
 #fastcgi_param HTTPS $fastcgi_https;
+
+## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx.
+fastcgi_param HTTP_PROXY '';