Setting up a custom header to mitigate HTTPOxy vulnerability
To mitigate against the HTTPOxy vulnerability you need to configure a Custom Header and apply it to the configuration that has the vulnerability.
Create a Custom Header
Go into Real-Time Manager, Manage Configurations, edit the settings for Content Delivery and go to the Custom Headers tab.
Click on Add to add a new configuration for a Custom Header, give this configuration a name (for example HTTPOxy, this name will be used in the next step), and in the Origin Request Headers field, put the word “Proxy” in the Header Blacklist section, and then click on Save. This creates a Custom Header called HTTPOxy.
Apply the Custom Header to the Vulnerable Configuration
After creating the Custom Header, we need to select it on the Rules Engine tab. Click on Edit and in the Custom Headers Settings field select the configuration you just created. This step must be repeated for all settings that have vulnerable applications.
Didn’t find what you were looking for? Open a support ticket.