httpoxy vulnerability

This topic contains 2 replies, has 3 voices, and was last updated by  Dave Wyatt 1 year, 10 months ago.

  • Author
  • #47376

    Efff dd

    where under dsc would this be set? under a module?


  • #47378

    Don Jones

    I might not fully understand what you're asking, so please feel free to clarify if I've got it wrong.

    You're asking where you would set the HTTP response header information mentioned on that website.

    My understanding is that, for IIS, you'd be modifying Application.config. Right now, I'm not sure any of the existing IIS DSC resources are especially good at doing that. You could potentially use a generic XML resource, since Application.config is just XML.

  • #47383

    Dave Wyatt

    Are you asking if the DSC pull server has this vulnerability? That shouldn't be a problem: "httpoxy does not affect any Microsoft Web Frameworks".

You must be logged in to reply to this topic.