More info e.g. at https://httpoxy.org/
suggested fix:
"If you’re running PHP or CGI, you should block the Proxy header now."

Fossil's suggesting deployment as a CGI
Fossil's using http_proxy itself (as client)

wondering whether:
- fossil can be convinced to be exploitable by a well crafted proxy header
- std CGI setup instructions should include deleting the Proxy header

Regards,
-Martin

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
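The header-to-variable mapping behind httpoxy and the suggested fix of dropping the `Proxy` header, as an added example that is not part of the original message and is not Fossil's code. The sample headers, the address and the `proxy_from_env` lookup are assumptions made for illustration; which variable names Fossil itself consults is not shown here.

```python
# Added illustration of the CGI header mapping; all sample values are constructed.

def cgi_environ(headers, base_env=None):
    """Build CGI meta-variables the way RFC 3875 (section 4.1.18) describes:
    a request header NAME becomes HTTP_NAME, upper-cased, '-' turned into '_'."""
    env = dict(base_env or {})
    for name, value in headers:
        key = name.strip().upper().replace("-", "_")
        if key in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            env[key] = value              # these two get no HTTP_ prefix
        else:
            env["HTTP_" + key] = value    # "Proxy" lands in HTTP_PROXY
    return env

def strip_proxy_header(headers):
    """The suggested fix: drop any Proxy request header (case-insensitive)
    before the CGI environment is built."""
    return [(n, v) for n, v in headers if n.strip().lower() != "proxy"]

def proxy_from_env(env, names=("http_proxy", "HTTP_PROXY")):
    """Hypothetical client-side lookup: return the first proxy variable set.
    Which names a given program consults is an assumption of this example."""
    for name in names:
        if env.get(name):
            return env[name]
    return None

# Constructed request: 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_HEADERS = [
    ("Host", "repo.example.org"),
    ("Proxy", "http://192.0.2.10:8080"),
]

if __name__ == "__main__":
    unfiltered = cgi_environ(SAMPLE_HEADERS)
    filtered = cgi_environ(strip_proxy_header(SAMPLE_HEADERS))
    print("unfiltered:", proxy_from_env(unfiltered))
    print("lower-case only:", proxy_from_env(unfiltered, names=("http_proxy",)))
    print("filtered:", proxy_from_env(filtered))
```

The lower-case-only lookup is included because on a case-sensitive environment a program that reads only `http_proxy` does not see the `HTTP_PROXY` value created from the request header.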