Should nginx' default shipped fastcgi_param file updated to mitigate httpoxy?

Thomas Deutschmann whissi at gentoo.org
Tue Aug 9 22:11:25 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

thank you for your response.

For the sake of completeness: For Gentoo we decided to patch the
default configuration, see [1].


[1]
https://gitweb.gentoo.org/repo/gentoo.git/tree/www-servers/nginx/files/nginx-httpoxy-mitigation.patch?id=c4b897dc39a939d0f409e1bcd9f6bd9c75679cf9


- -- 
Regards,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1

iQJ8BAEBCgBmBQJXqlTTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5
NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IrwsP/RDIf+O4RzjTaAPxcj4yiM8i
34OfVu5stvsWpkk5kMgaV2Pvoj4JZxf3fs+J/A/+iVDOcXW+bFlA8VVrgQA1CnZf
PJAF3fYEn8KCberllHBYxVBRySsRKc8WdBrAwVYGnXpcT9+GA18tC3JbmnZM+ZLJ
Y07MZdDjwyyFEMH2IlPM7ltaY7xTVSG6JigYS/m0jZ6alURE+v7rdSdvMlHh4mmG
cuBOFgYRA1CKuHWXJPYAS+LW57NImbolPiLpOl6CuzsOqfs/cTwzlgOIMRAiWnob
G5S739sz/nyeSqXnt6FLS1Rb+B3emEFYnnr2cjxTIGRiVf9Wf8AN4U7s7YkxQsE1
T9L29k5TgWuFhk+EEA7QtZ1Jn+Uw0NLoSauNyrWYLL/QdI0odTEroi86vdk9Ut6i
tVmzZibCYOnXsC8zpZ781NroAgch/F3G8zeGFdvJkBKHEfD8vKTQW2Lm5QlNr/O4
7ZTRjm9hmPuBuF4QXOfo5GVoXbuI25bfNYoLEtQGtudOnWHN8+HnsPEDagD8N6iJ
628YlqY8C5P3v4KfcfwD138bMIrf8oY68bNFq1FRlakiNSJtiQ+U6LKrA5hXRx2R
47sxYE6ycx+3ybzsCyn13qiKxvGSddBOoCjMKOlEUJOJ/pRa3OSrWpWXHAcSc0A+
vNaEfk1LiyJdG/yUlnB6
=G2Ht
-----END PGP SIGNATURE-----



More information about the nginx-devel mailing list