Block dangerous X headers

This commit is contained in:
Tommy 2025-01-03 06:15:48 -07:00 committed by GitHub
parent dbdd308ffb
commit c809ef29b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -10,11 +10,6 @@ proxy_set_header Early-Data $ssl_early_data;
# Restore visitor IP
proxy_set_header X-Real-IP $remote_addr;
# Restore original method & URL
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-URI $request_uri;
# Forward host header
proxy_set_header Host $host;
@ -31,3 +26,14 @@ proxy_set_header X-Forwarded-Port $server_port;
# Hide X-Powered-By
proxy_hide_header X-Powered-By;
# CVE-2018-14773
proxy_set_header X-Original-URL "";
proxy_set_header X-Rewrite-URL "";
# Not the CVE, but is extremely similar
proxy_set_header X-Original-URI "";
# Potentially dangerous: https://github.com/oauth2-proxy/oauth2-proxy/issues/735
proxy_set_header X-Original-Method "";
proxy_set_header X-Forwarded-Method "";
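Review bot: The empty-value overrides added at L25-L31 are silently lost in any `location` or `server` that declares even one `proxy_set_header` of its own, because nginx inherits `proxy_set_header` directives from the enclosing level only when the current level defines none, so a block that sets `Upgrade`/`Connection` for WebSockets would again forward a client-supplied `X-Original-URL` unless it re-includes this file. Worth stating above L25: `# NOTE: any location/server that adds its own proxy_set_header must also include this file, or nginx drops these overrides along with the rest`. A second one-liner would help the next maintainer, since the mechanism is not obvious: `# An empty value makes nginx omit the header entirely rather than forward ""`. The list covers X-Original-Method and X-Forwarded-Method but not the more widely honoured method-override headers, which are stripped the same way: `proxy_set_header X-HTTP-Method-Override ""; proxy_set_header X-HTTP-Method ""; proxy_set_header X-Method-Override "";` — whether any backend here honours them cannot be told from this file, and these directives only affect `proxy_pass`, not a FastCGI/uWSGI backend that receives request headers as `HTTP_*` params; the include presumably continues past the hunk.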