[Feature Request] add length_hiding module to nginx-extras to mitigate BREACH attack

gplessis / dotdeb-nginx

Dotdeb : Nginx

http://www.dotdeb.org/

BSD 2-Clause "Simplified" License

63 stars 31 forks source link

[Feature Request] add length_hiding module to nginx-extras to mitigate BREACH attack #69

Open azeemism opened 9 years ago

azeemism commented 9 years ago

This module appends random generated strings to the end of HTML responses, this helps to mitigate a BREACH attack which targets http compressed (gzip) responses. The alternative is to disable gzip on web servers, an unwelcome thought.