Are we safe from httpoxy?

 
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI
View previous topic :: View next topic  
Author Message
lestat
-


Joined: 15 Sep 2003
Posts: 130
Location: GREEN BAY

PostPosted: Tue Jul 19, 2016 9:07 pm    Post subject: Are we safe from httpoxy? Reply with quote

Is Abyss safe/ protected from httpoxy? (https://httpoxy.org/)

Do we need to do any updating, or pushing of some settings?

Thanks!
_________________
XP Pro sp2
Abyss Web Server X2 (v 2.9.3.5)
PHP 5.3.8
Back to top View user's profile Send private message AIM Address MSN Messenger
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Mon Jul 25, 2016 5:37 pm    Post subject: Reply with quote

I would like to know this as well since there is no way in PHP to prevent the Proxy header.
Back to top View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Fri Oct 07, 2016 1:25 pm    Post subject: Reply with quote

TRUSTAbyss wrote:
I would like to know this as well since there is no way in PHP to prevent the Proxy header.


Please raise such issues to our attention using email. It's way more effective than this forum which isn't frequently monitored by our development team.

Regarding the issue, it is easy to circumvent: Add a new custom environment variable in Scripting Parameters named HTTP_PROXY and with no value. This will clear any HTTP_PROXY that may have been passed through the HTTP Proxy header.

Do you confirm this works for you?
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Mon Oct 24, 2016 3:04 pm    Post subject: Reply with quote

admin,

Version 2.11.2 (just released) is no more vulnerable to httpoxy. It defaults to no more filling or putting HTTP_PROXY in the CGI environment variables.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group