From 358f7e90ba0db6ce017cc5f99cebc71cd2326fd1 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 18 Jul 2016 16:52:05 +0200
Subject: [PATCH] Mitigate HTTPOXY vulnerability, see https://httpoxy.org

---
 templates/haproxy_cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index c0a61d1..d8a1052 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -52,6 +52,7 @@ userlist kibana
 
 frontend http_in
   bind *:80
+  http-request del-header Proxy
   acl blockedip src -f /etc/haproxy/blacklist.ip
   http-request deny if blockedip
   acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
@@ -102,6 +103,7 @@ frontend http_in
 
 frontend https_in_{{ cert.ip }}
   bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
+  http-request del-header Proxy
   acl blockedip src -f /etc/haproxy/blacklist.ip
   http-request deny if blockedip
   acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
-- 
GitLab