View previous topic :: View next topic |
Author |
Message |
lestat -
Joined: 15 Sep 2003 Posts: 130 Location: GREEN BAY
|
Posted: Tue Jul 19, 2016 9:07 pm Post subject: Are we safe from httpoxy? |
|
|
Is Abyss safe/ protected from httpoxy? (https://httpoxy.org/)
Do we need to do any updating, or pushing of some settings?
Thanks! _________________ XP Pro sp2
Abyss Web Server X2 (v 2.9.3.5)
PHP 5.3.8 |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Mon Jul 25, 2016 5:37 pm Post subject: |
|
|
I would like to know this as well since there is no way in PHP to prevent the Proxy header. |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1298
|
Posted: Fri Oct 07, 2016 1:25 pm Post subject: |
|
|
TRUSTAbyss wrote: | I would like to know this as well since there is no way in PHP to prevent the Proxy header. |
Please raise such issues to our attention using email. It's way more effective than this forum which isn't frequently monitored by our development team.
Regarding the issue, it is easy to circumvent: Add a new custom environment variable in Scripting Parameters named HTTP_PROXY and with no value. This will clear any HTTP_PROXY that may have been passed through the HTTP Proxy header.
Do you confirm this works for you? _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1298
|
Posted: Mon Oct 24, 2016 3:04 pm Post subject: |
|
|
admin,
Version 2.11.2 (just released) is no more vulnerable to httpoxy. It defaults to no more filling or putting HTTP_PROXY in the CGI environment variables. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
|