Speaking of httpoxy
May 27, 2020 · backend
original post date: July 20, 2016
- Service who get HTTP_PROXY from environment
PATHcould be infected (wget/curl will be fine).
- Service data could be stolen while connecting outbound destination by attackers' given
- Under CGI/FPM mode.
- Fix for nginx: add these to
fastcgi_param HTTP_PROXY "";
- Apache has official update.