The cURL command line and library are commonly used to enable various kinds of applications to make requests to various kinds of servers, including web servers. This library can be configured by using command line parameters, or it can read its configuration parameters from the host process environment variables. "HTTP_PROXY" is one of the many configuration parameters that are used by cURL. "HTTP_PROXY" is used by cURL to send an HTTP request through the configured proxy.
Note This is unrelated to "HTTP_PROXY" as the representation of a client request header.
When cURL is hosted within a CGI process, and that process contains an environment variable that is named "HTTP_PROXY," cURL uses its value to send requested data through the HTTP proxy whose value is specified in the environment variable. This occurs because cURL expects that "HTTP_PROXY" is a configuration directive and not a client request header.
If you do have to use CGI for some reason, either block requests that contain a request header named "Proxy" or clear the value of the header. This is because "Proxy" is not a standard request header name and browsers will generally not send it.
To block a request that contains a Proxy header (the preferred solution), run the following command line:
Note The appcmd.exe is not typically in the path and can be found in the %systemroot%\system32\inetsrv directory
To clear the value of the header, you can use the following URL Rewrite rule:
<rule name="Erase HTTP_PROXY" patternSyntax="Wildcard">
<match url="*.*" />
<set name="HTTP_PROXY" value="" />
<action type="None" />
Note The URL Rewrite is a downloadable add-in to IIS and is not included in a default IIS installation.