[Enhancement] Missing nginx module : brotli, http3

bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)

https://www.bunkerweb.io

GNU Affero General Public License v3.0

6.42k stars 364 forks source link

[Enhancement] Missing nginx module : brotli, http3 #30

Closed thelittlefireman closed 3 years ago

thelittlefireman commented 3 years ago

Hi,

Could it be possible to add bortli compresssion module and http3 module for nginx ? :) https://dev.to/koddr/how-to-install-brotli-module-for-nginx-on-ubuntu-20-04-2ocp https://medium.com/faun/implementing-http3-quic-nginx-99094d3e39f

Thanks a lot!

fl0ppy-d1sk commented 3 years ago

Hello @thelittlefireman, thanks for your suggestion.

I think it's a good idea to support brotli especially if we can turn it on or off easily. It will be integrated, with gzip support too, in the next release. The only problem is that we need to find a way to "easily" mitigate the BREACH attack when compression is enabled. Regarding HTTP3 support, IMO, we should wait until it's integrated into the stable version.

fl0ppy-d1sk commented 3 years ago

Hello @thelittlefireman, the new 1.2.0 version now integrates brotli and gzip support. You can activate/customize it through environment variables. More info here.

Regarding HTTP3, do not hesitate to reopen a new issue when it's available as a dynamic module and/or integrated into the stable nginx.