How to mitigate the HTTPOxy Vulnerability


To mitigate the HTTPOxy vulnerability, configure a Custom Header and apply it to each configuration that has the vulnerability.

  1. Create a Custom Header
  2. Apply the Custom Header to the Vulnerable Configuration

Create a Custom Header

Go into Real-Time Manager, Manage Configurations, edit the settings for Content Delivery and go to the Custom Headers tab.

Click Add to create a new Custom Header configuration and give it a name (for example, HTTPOxy; this name is used in the next step). In the Origin Request Headers field, enter the word “Proxy” in the Header Blacklist section, then click Save. This creates a Custom Header called HTTPOxy.


Apply the Custom Header to the Vulnerable Configuration

After creating the Custom Header, select it on the Rules Engine tab: click Edit and, in the Custom Headers Settings field, select the configuration you just created. Repeat this step for every configuration that has vulnerable applications.
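
The following added example (not part of the original documentation or the product's code) models what the blacklist achieves: with the Proxy request header removed before the origin request, a CGI-style application never sees an HTTP_PROXY variable. The function names and sample request are constructed, and case-insensitive, exact-name matching of the blacklist is an assumption.

```python
# Added illustration: models an edge "Header Blacklist" and the CGI
# header-to-environment mapping. Names and sample data are constructed.

def strip_blacklisted(headers, blacklist=("Proxy",)):
    """Return the origin request headers with blacklisted names removed.

    HTTP header names are case-insensitive, so "proxy" and "PROXY" are
    dropped as well as "Proxy". Matching is on the exact name (assumption),
    so other headers that merely start with "Proxy" are kept.
    """
    blocked = {name.lower() for name in blacklist}
    return [(k, v) for k, v in headers if k.lower() not in blocked]


def cgi_environ(headers):
    """Map request headers to CGI meta-variables (RFC 3875, section 4.1.18):
    upper-case the name, replace '-' with '_', prefix with 'HTTP_'."""
    env = {}
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


# Constructed client request carrying a Proxy header in mixed case.
CLIENT_REQUEST = [
    ("Host", "app.example.com"),
    ("User-Agent", "curl/8.0"),
    ("pRoXy", "http://proxy.example.net:8080"),
    ("Proxy-Connection", "keep-alive"),
]


def check():
    """Return (HTTP_PROXY present without blacklist, present with blacklist)."""
    before = cgi_environ(CLIENT_REQUEST)
    after = cgi_environ(strip_blacklisted(CLIENT_REQUEST))
    return "HTTP_PROXY" in before, "HTTP_PROXY" in after


if __name__ == "__main__":
    exposed, still_exposed = check()
    print("HTTP_PROXY set without blacklist:", exposed)
    print("HTTP_PROXY set with blacklist:   ", still_exposed)
```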

