Skip to content
Snippets Groups Projects
Commit 358f7e90 authored by jurgenhaas's avatar jurgenhaas
Browse files

Mitigate HTTPOXY vulnerability, see https://httpoxy.org

parent 79bfcae3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
templates/haproxy_cfg
+ 2
0
View file @ 358f7e90
...@@ -52,6 +52,7 @@ userlist kibana ...@@ -52,6 +52,7 @@ userlist kibana
frontend http_in frontend http_in
bind *:80 bind *:80
http-request del-header Proxy
acl blockedip src -f /etc/haproxy/blacklist.ip acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip http-request deny if blockedip
acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
...@@ -102,6 +103,7 @@ frontend http_in ...@@ -102,6 +103,7 @@ frontend http_in
frontend https_in_{{ cert.ip }} frontend https_in_{{ cert.ip }}
bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3 bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
http-request del-header Proxy
acl blockedip src -f /etc/haproxy/blacklist.ip acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip http-request deny if blockedip
acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer acl blockedreferer hdr_sub(referer) -i -f /etc/haproxy/blacklist.referer
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment