From 7111fa3a650caf622aa41e1ee0a3d4b471b070e1 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <d@winzen4.de>
Date: Thu, 29 Nov 2018 20:56:28 +0100
Subject: [PATCH] Prevent httpoxy vulnerability in PHP applications

---
 etc/nginx/fastcgi.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf
index 87cd3db..2efe4cb 100644
--- a/etc/nginx/fastcgi.conf
+++ b/etc/nginx/fastcgi.conf
@@ -24,3 +24,5 @@ fastcgi_param  SERVER_NAME        $server_name;
 
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+fastcgi_param HTTP_PROXY "";