diff --git a/httpclient5-testing/docker/apache-httpd/Dockerfile b/httpclient5-testing/docker/apache-httpd/Dockerfile
index 166e507fb..6400aff4f 100644
--- a/httpclient5-testing/docker/apache-httpd/Dockerfile
+++ b/httpclient5-testing/docker/apache-httpd/Dockerfile
@@ -33,7 +33,7 @@ RUN mkdir ${httpd_home}/ssl
COPY server-cert.pem ${httpd_home}/ssl/
COPY server-key.pem ${httpd_home}/ssl/
COPY httpd.conf ${httpd_home}/conf/
-COPY httpd-ssl.conf ${httpd_home}/conf/
+COPY httpd-ssl.conf ${httpd_home}/conf/extra/
RUN mkdir -p ${private_dir}
# user: testuser; pwd: nopassword
diff --git a/httpclient5-testing/docker/apache-httpd/httpd-ssl.conf b/httpclient5-testing/docker/apache-httpd/httpd-ssl.conf
index 0f04fbd39..53477407c 100644
--- a/httpclient5-testing/docker/apache-httpd/httpd-ssl.conf
+++ b/httpclient5-testing/docker/apache-httpd/httpd-ssl.conf
@@ -67,8 +67,8 @@ Listen 8443
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the
diff --git a/httpclient5-testing/docker/apache-httpd/httpd.conf b/httpclient5-testing/docker/apache-httpd/httpd.conf
index 8564ef117..93d05d426 100644
--- a/httpclient5-testing/docker/apache-httpd/httpd.conf
+++ b/httpclient5-testing/docker/apache-httpd/httpd.conf
@@ -77,6 +77,9 @@ Listen 8080
# Example:
# LoadModule foo_module modules/mod_foo.so
#
+LoadModule mpm_event_module modules/mod_mpm_event.so
+#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
@@ -154,6 +157,8 @@ LoadModule version_module modules/mod_version.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
+#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
+#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
@@ -428,6 +433,15 @@ LogLevel warn
Require all granted
+
+ #
+ # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+ # backend servers which have lingering "httpoxy" defects.
+ # 'Proxy' request header is undefined by the IETF, not listed by IANA
+ #
+ RequestHeader unset Proxy early
+
+
#
# TypesConfig points to the file containing the list of mappings from
@@ -556,7 +570,7 @@ Include conf/extra/proxy-html.conf
# Secure (SSL/TLS) connections
-Include conf/httpd-ssl.conf
+Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
diff --git a/httpclient5-testing/docker/squid/squid.conf b/httpclient5-testing/docker/squid/squid.conf
index 8cc14ec4e..bf9c7a945 100644
--- a/httpclient5-testing/docker/squid/squid.conf
+++ b/httpclient5-testing/docker/squid/squid.conf
@@ -14,7 +14,8 @@
# limitations under the License.
# ==========================================================================
-http_port 8888 8889
+http_port 8888
+http_port 8889
coredump_dir /var/spool/squid3