From 598c15bf66fc8f3dbfa3e74c50eeb82eeb636487 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 11 Jul 2018 01:33:06 +0200
Subject: [PATCH] X-F-F must not come from anywhere externally

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/httpd/website/templates/website.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index c18b76607b..c74434a687 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -6,6 +6,8 @@
   ServerAdmin {{ server_admin }}
   TraceEnable Off
 
+  RequestHeader unset X-Forwarded-For
+
 {% if gzip %}
   SetOutputFilter DEFLATE
 {% endif %}
@@ -38,6 +40,8 @@
 {% endif %}
   ServerAdmin {{ server_admin }}
 
+  RequestHeader unset X-Forwarded-For
+
 {% if ansible_distribution == 'Fedora' and not inventory_hostname.startswith(('proxy01.phx2','proxy10.phx2')) and site_name != 'src.fedoraproject.org' %}
   Protocols h2 http/1.1
 {% elif ansible_distribution == 'Fedora' %}