From c8e29c89bc2d5fa254aeb0a98207c4fa47b5aa3c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 10 Oct 2019 14:48:45 +0200
Subject: bepasty-server: fix proxied host header spoofing

---
 krebs/3modules/bepasty-server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 94a50952..4892a872 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -164,7 +164,7 @@ let
             client_max_body_size 32M;
             '';
           locations = {
-            "/".extraConfig = "proxy_set_header Host $http_host;";
+            "/".extraConfig = "proxy_set_header Host $host;";
             "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
             "/static/".extraConfig = ''
               alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
-- 
cgit v1.2.3