httpoxy vulnerability

where under dsc would this be set? under a module?


I might not fully understand what you’re asking, so please feel free to clarify if I’ve got it wrong.

You’re asking where you would set the HTTP response header information mentioned on that website.

My understanding is that, for IIS, you’d be modifying Application.config. Right now, I’m not sure any of the existing IIS DSC resources are especially good at doing that. You could potentially use a generic XML resource, since Application.config is just XML.

Are you asking if the DSC pull server has this vulnerability? That shouldn’t be a problem: “httpoxy does not affect any Microsoft Web Frameworks”.