Author Posts

July 18, 2016 at 5:41 pm

Hello
where under dsc would this be set? under a module?

https://httpoxy.org/

thanks

July 18, 2016 at 5:45 pm

I might not fully understand what you're asking, so please feel free to clarify if I've got it wrong.

You're asking where you would set the HTTP response header information mentioned on that website.

My understanding is that, for IIS, you'd be modifying Application.config. Right now, I'm not sure any of the existing IIS DSC resources are especially good at doing that. You could potentially use a generic XML resource, since Application.config is just XML.

July 18, 2016 at 5:56 pm

Are you asking if the DSC pull server has this vulnerability? That shouldn't be a problem: "httpoxy does not affect any Microsoft Web Frameworks".