• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved fault http_proxy or not impacted?

@SpAcEDeViL imho it's not correct way to fix it and to bad there is no official answer yet from Plesk.

Well here is the short quick fix:

Code:
cat >> /etc/httpd/conf.d/a_httpoxy.conf <<EOF
# httpoxy fix jul 2017
<IfModule mod_headers.c>
   RequestHeader unset Proxy early
</IfModule>
EOF

And then:
Code:
service httpd restart

Notes:
This fix only works if you use nginx with apache for PHP(fcgi). If your using NGINX and PHP-FPM this fix will not work and the fix should be done in NGINX.

About NGINX:
But getting it in NGINX is quiet some work. Well the actuall fix is easy for nginx, add:
proxy_set_header Proxy "";
in the location / directive of the vhost. Problem is that there There is no way to set the proxy_set_header Proxy directive globaly (to my knowledge). So to get it to work it needs
to be in every vhost config. You either have to make a custom nginx config template for Plesk or you have to wait till Plesk updates the vhost template.
 
Apache (search CVE-2016-5387) is already fixed by all Linux OS vendors:
[...] and IIS (Plesk for Windows is affected) will be implemented in Plesk, I hope soon.
Any word yet on this and which versions of Plesk for Windows will be updates?
 
Upcoming MU will completely close this security issue on Linux and Windows Plesk versions.
 
Back
Top