| blob | 61aac262af3da5b1c28622f4a7cf72cad65c91b5 |
1 --- server/util_script.c (revision 1752426)
2 +++ server/util_script.c (working copy)
3 @@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r
4 else if (!strcasecmp(hdrs[i].key, "Content-length")) {
5 apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
6 }
7 + /* HTTP_PROXY collides with a popular envvar used to configure
8 + * proxies, don't let clients set/override it. But, if you must...
9 + */
10 +#ifndef SECURITY_HOLE_PASS_PROXY
11 + else if (!strcasecmp(hdrs[i].key, "Proxy")) {
12 + ;
13 + }
14 +#endif
15 /*
16 * You really don't want to disable this check, since it leaves you
17 * wide open to CGIs stealing passwords and people viewing them