--- /dev/null
+diff --git a/server/util_script.c b/server/util_script.c
+index 5e071a2..443dfb6 100644
+--- a/server/util_script.c
++++ b/server/util_script.c
+@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
+ else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) {
+ apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
+ }
++ /* HTTP_PROXY collides with a popular envvar used to configure
++ * proxies, don't let clients set/override it. But, if you must...
++ */
++#ifndef SECURITY_HOLE_PASS_PROXY
++ else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
++ ;
++ }
++#endif
+ /*
+ * You really don't want to disable this check, since it leaves you
+ * wide open to CGIs stealing passwords and people viewing them
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
Version: 2.4.23
-Release: 1
+Release: 2
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Patch2: %{name}-suexec.patch
Patch3: %{name}-branding.patch
Patch4: %{name}-apr.patch
+Patch5: apache-CVE-2016-5387.patch
Patch7: %{name}-syslibs.patch
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%patch7 -p1