fix!: update nginx config to use $host instead of $http_host

Fixes medium risk issue discovered with gixy
sesh · Jul 4, 2023 · ad85980 · ad85980
1 parent 58b7545
commit ad85980
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/ansible/roles/nginx/templates/nginx_django.conf.j2 b/ansible/roles/nginx/templates/nginx_django.conf.j2
@@ -39,7 +39,7 @@ server {
 
     location / {
         proxy_pass_header Server;
-        proxy_set_header Host $http_host;
+        proxy_set_header Host $host;
         proxy_redirect off;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

diff --git a/ansible/roles/nginx/templates/nginx_django_ssl.conf.j2 b/ansible/roles/nginx/templates/nginx_django_ssl.conf.j2
@@ -54,7 +54,7 @@ server {
 
     location / {
         proxy_pass_header Server;
-        proxy_set_header Host $http_host;
+        proxy_set_header Host $host;
         proxy_redirect off;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;