Hello, has anyone considered this simple workaround for BREACH and gzip-compression, i.e. randomly interspersed flush()-es during compression?
https://github.com/wnyc/breach_buster It would be compatible with all clients, and should be fairly easy to implement in nginx (for nginx hackers). Of course, it doesn't prevent BREACH attacks, but it makes them much harder. PS: yes, I'm aware that BREACH should also be prevented in the app-layer, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249301,249301#msg-249301 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
