From 24692da470e254b4405161d38b14b73192c73d1e Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Tue, 14 Jan 2020 06:45:56 +0100
Subject: [PATCH] Fixed cache injection vulnerability using faked headers
---
 etc/nginx/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 90898d2..edbfb4e 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -96,7 +96,7 @@ http {
 fastcgi_buffers 32 8k;
 fastcgi_cache fcache;
 fastcgi_cache_path /tmp/nginx/ levels=2 keys_zone=fcache:5m inactive=1h max_size=1G;
- fastcgi_cache_key $host$request_uri;
+ fastcgi_cache_key $server_name$host$request_uri;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
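Review bot: The new `fastcgi_cache_key` joins `$server_name` and the client-supplied `$host` with no separator, so the boundary between the two is ambiguous. Where one configured server name is a prefix of another, two different (server block, Host header) pairs can still produce the same key string. A delimiter that cannot occur in a configured server name closes that gap, e.g. `fastcgi_cache_key "$server_name|$host$request_uri";`. The key also omits `$scheme` and `$request_method`; if any vhost answers differently over HTTP and HTTPS, or caches HEAD responses, those entries would be shared. That needs checking against the server blocks, which are not visible here, since the enclosing `http {` block starts and ends outside the hunk.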