Hosting4life > Blog > General > Protecting against HTTPoxy vulnerability

Protecting against HTTPoxy vulnerability

HTTPoxy is a vulnerability that affects many server-side web applications that run on CGI or CGI like environments such as FastCGI. PHP is one of the languages affected by this vulnerability and thus it affects many popular applications like WordPress, Joomla, Drupal and many others. Because of this vulnerability the attacker can set a Proxy header in the request and the vulnerable code that uses the HTTP_PROXY environment variable as it’s proxy server will pass all it’s internal http requests through this proxy that is controlled by the attacker and thus possibly exposing sensitive information. There’s a dedicated site that goes into more details on how the vulnerability works and how to mitigate it.

If you are hosted on our shared severs either on old Apache + PHP-FPM or the new Nginx + PHP7.0-FPM you are already protected. We’ve applied a mitigation directly on the Apache and Nginx servers so that everyone is protected against this vulnerability. If you are not yet protected checkout the httpoxy site for ways to mitigate the issue in your system.

Leave a Reply

Your email address will not be published. Required fields are marked *