Block httpoxy attacks

About apache ...

Adding 'RequestHeader unset Proxy early' to the Apache/server.tpl.php is easy. But it does depend on mod_headers which we don't enable by default.
The Debian package could be made to handle this, but the regular upgrade script does not use root privileges... and so cannot.

We can deal with both servers in this issue, but keeping the patches separate is fine with me. I'm about to review the Nginx patch above.

That patch looked good; I just added some comment lines. Now onto Apache fixes... I won't be looking into this myself as I'm only running Nginx at the moment.

I also fixed the following:
* Drupal recipe on the Nginx wiki
* Nginx support in Aegir HTTPS (new home of HTTPS support)

Setting back to active for Apache.

I don't think we have to do anything (as Aegir) for Apache in this case ... They have updated packages available which cover this issue.

Debian 2.4.10-10+deb8u5 and for Ubuntu 2.4.18-2ubuntu3.1