From 563fec734912d81cd7caea6fa8ec2b397fb72a9b Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Thu, 3 Apr 2014 13:03:16 +0300
Subject: Disable compression to prevent BREACH attack
Signed-off-by: Dmitriy Zaporozhets
---
 lib/support/nginx/gitlab | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'lib')
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 5bff362da0e..6b31dbd4304 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -42,6 +42,9 @@ server {
 # if a file, which is not found in the root folder is requested,
 # then the proxy pass the request to the upsteam (gitlab unicorn)
 location @gitlab {
+ # We need this to prevent BREACH attack
+ gzip off;
+
 proxy_read_timeout 300; # Some requests take more than 30 seconds.
 proxy_connect_timeout 300; # Some requests take more than 30 seconds.
 proxy_redirect off;
--
cgit v1.2.1
From 5307dd5f74236fc48b64080d3191cba1ebe4315e Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Mon, 7 Apr 2014 15:47:20 +0000
Subject: Comment gzip: off be default
---
 lib/support/nginx/gitlab | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 6b31dbd4304..f64c8d5883c 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -42,8 +42,9 @@ server {
 # if a file, which is not found in the root folder is requested,
 # then the proxy pass the request to the upsteam (gitlab unicorn)
 location @gitlab {
- # We need this to prevent BREACH attack
- gzip off;
+ # If you use https make sure you disable gzip compression
+ # to be safe against BREACH attack
+ # gzip off;
 proxy_read_timeout 300; # Some requests take more than 30 seconds.
 proxy_connect_timeout 300; # Some requests take more than 30 seconds.
@@ -66,5 +67,4 @@ server {
 }
 error_page 502 /502.html;
-}
-
+}
\ No newline at end of file
--
cgit v1.2.1
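Review bot: In the first patch's `@@ -42,6 +42,9 @@` hunk, the added comment `# We need this to prevent BREACH attack` does not say when the directive matters or what it covers, so a later edit can easily drop it as redundant. I would write `# BREACH: do not gzip proxied responses served over https; they can mix secrets such as CSRF tokens with request-controlled text` above `gzip off;`. Note also that `gzip off;` only stops nginx itself from compressing. If the upstream behind `@gitlab` sets its own `Content-Encoding`, the response still goes out compressed, which this hunk cannot show and is worth confirming. The `location @gitlab` block continues past the end of the hunk.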
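Review bot: In the second patch's `@@ -42,8 +42,9 @@` hunk, commenting out `gzip off;` turns the BREACH mitigation into an opt-in that only works if the administrator reads the comment. nginx inherits `gzip` from the enclosing `server` and `http` levels, and some packaged nginx.conf files enable it there, so "off by default" does not necessarily hold for a deployed site. Since the directive is a no-op when compression is already off, I would keep it active: `# Keep compression off for proxied responses: required over https (BREACH), harmless otherwise` followed by `gzip off;`. If it has to stay commented, the comment should at least say to uncomment it whenever TLS is in use or gzip is enabled at a higher level. The `location @gitlab` block continues past the end of the hunk.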