How to Mitigate against Proxy Header Vulnerability

Common Gateway Interface (CGI) server-side web applications can send an automated response for every request they receive. Attackers can use these automated responses to insert a value within the Proxy header of HTTP requests for malicious purposes.

To remove this vulnerability, create a content rule that deletes the Proxy header from incoming requests to a port 80 redirect Virtual Service.

1. Create a rule in Rules & Checking > Content Rules > Create New.

2. Change the rule type to Delete Header.

3. For the Header Field to be Deleted, enter Proxy.

Note that the header values are case sensitive. 


4. To add this rule, navigate to your port 80 Redirect Virtual Service and select Advanced Properties > HTTP Header Modifications > Show Header Rules.



5. Add the created rule to Request Rules.


Now the Proxy header field is removed from all port 80 requests, thus removing this potential vulnerability.
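The following Python sketch is an added example, not code from the load balancer or its vendor. It models how CGI turns request headers into environment variables (per RFC 3875) and shows what deleting the Proxy header changes for the application behind the Virtual Service. The function names, sample headers and placeholder proxy URL are constructed for illustration, and the case-insensitive match in `delete_header` is an assumption of the sketch.

```python
"""Added illustration: why a request header named Proxy matters to CGI
applications, and the effect of deleting it before the request arrives."""

# Constructed sample request headers; the proxy URL is a placeholder.
SAMPLE_REQUEST = [
    ("Host", "app.example.test"),
    ("User-Agent", "sample-client/1.0"),
    ("Proxy", "http://proxy.invalid:3128"),
]


def cgi_environ(headers):
    """Map request headers to CGI meta-variables as RFC 3875 describes:
    upper-case the name, replace '-' with '_', and prefix 'HTTP_'."""
    env = {}
    for name, value in headers:
        key = "HTTP_" + name.upper().replace("-", "_")
        # Repeated header fields are combined into one comma-separated value.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env


def delete_header(headers, field):
    """Model of a 'Delete Header' request rule: drop every header whose
    name matches `field`. HTTP header names are case-insensitive, so this
    model compares them case-insensitively (an assumption of this sketch)."""
    return [(n, v) for n, v in headers if n.lower() != field.lower()]


def client_controls_http_proxy(headers):
    """True if the CGI environment built from these headers contains
    HTTP_PROXY, the variable many HTTP client libraries read as their
    outbound proxy setting."""
    return "HTTP_PROXY" in cgi_environ(headers)


if __name__ == "__main__":
    print("before rule:", client_controls_http_proxy(SAMPLE_REQUEST))
    cleaned = delete_header(SAMPLE_REQUEST, "Proxy")
    print("after rule: ", client_controls_http_proxy(cleaned))
```

The same check can be run against headers logged by a backend to confirm that the request rule is attached to the Virtual Service.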


