Fixed HTTPoxy vulnerability ref #251

perusio / drupal-with-nginx

Running Drupal using nginx: an idiosyncratically crafted bleeding edge configuration.

855 stars 246 forks source link

Fixed HTTPoxy vulnerability ref #251 #253

Closed kkomelin closed 8 years ago

kkomelin commented 8 years ago

More info https://httpoxy.org

IslandUsurper commented 8 years ago

I think you also need to add that line to apps/drupal/fastcgi_drupal.conf and apps/drupal/fastcgi_no_args_drupal.conf. I don't see any indication that those two files load the root fastcgi_params file.

IslandUsurper commented 8 years ago

No, sorry. I am wrong. The file you changed is included in the "http" block, and covers every request. I guess the two files I mentioned are for overrides.

perusio commented 8 years ago

@kkomelin Merged with minor style changes. I prefer single quotes and punctuation in comments :)

See https://github.com/perusio/drupal-with-nginx/commit/a7e8dad46419d808021c938d6e2af29f9edda350 and also in master https://github.com/perusio/drupal-with-nginx/commit/ce644102fa29edd1a2c3ef46ae64ff371a992a37

Thanks

kkomelin commented 8 years ago

@perusio Thanks for reviewing and merging the PR. As for the coding standards, it is good to know.