Skip to content
Snippets Groups Projects
Commit 358f7e90 authored by jurgenhaas's avatar jurgenhaas
Browse files

Mitigate HTTPOXY vulnerability, see https://httpoxy.org

parent 79bfcae3
No related branches found
No related tags found
No related merge requests found
......@@ -52,6 +52,7 @@ userlist kibana
frontend http_in
bind *:80
http-request del-header Proxy
acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip
acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
......@@ -102,6 +103,7 @@ frontend http_in
frontend https_in_{{ cert.ip }}
bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
http-request del-header Proxy
acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip
acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment