nginx: disable compression to mitigate BREACH exploit

maxlath
2025-02-27 18:17:33 +01:00
parent f2ddb13bc7
commit 5e408aad2b


@@ -39,12 +39,11 @@ server {
client_max_body_size 25M;
# As long as no secret/sensible data are passed in the body, the BREACH exploit on TLS+compression shouldn't be a concern. Right?
# Disabling compression to mitigate BREACH exploit
# https://en.wikipedia.org/wiki/BREACH_(security_exploit)#Mitigation
# http://security.stackexchange.com/questions/39925/breach-a-new-attack-against-http-what-can-be-done
# It could be that it was solved by HTTP/2 \o/ https://blog.cloudflare.com/hpack-the-silent-killer-feature-of-http-2
gzip on;
gzip_types *;
# until we can confidently say that HTTP/2 solves the issue? https://blog.cloudflare.com/hpack-the-silent-killer-feature-of-http-2
gzip off;
# On-The-Fly Image Resizer
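Review bot: The new comment above `gzip off;` makes re-enabling compression depend on HTTP/2 and HPACK, but HPACK only compresses headers, while BREACH works against compressed response bodies, so moving to HTTP/2 does not change the exposure. I would reword it to something like `# HPACK only covers header compression; BREACH targets compressed response bodies, so HTTP/2 does not lift this`. Separately, `gzip off;` at the `server` level also turns off compression for responses that carry no secret and reflect no request input, which is a bandwidth cost with no security gain. If the static-asset locations are separable (the rest of the `server` block is outside this hunk), `gzip on;` could be kept inside those locations only. The comment should then state which responses must stay uncompressed and why.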