Disable compression to prevent BREACH attack

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Disable compression to prevent BREACH attack
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent 1eec1f4f
Showing 1 changed file with 3 additions and 0 deletions Show diff stats
lib/support/nginx/gitlab
@@ -42,6 +42,9 @@ server {
   # if a file, which is not found in the root folder is requested,
   # then the proxy pass the request to the upsteam (gitlab unicorn)
   location @gitlab {
+    # We need this to prevent BREACH attack
+    gzip off;
+
     proxy_read_timeout 300; # Some requests take more than 30 seconds.
     proxy_connect_timeout 300; # Some requests take more than 30 seconds.
     proxy_redirect     off;
...	...	@@ -42,6 +42,9 @@ server {
42	42	# if a file, which is not found in the root folder is requested,
43	43	# then the proxy pass the request to the upsteam (gitlab unicorn)
44	44	location @gitlab {
	45	+ # We need this to prevent BREACH attack
	46	+ gzip off;
	47	+
45	48	proxy_read_timeout 300; # Some requests take more than 30 seconds.
46	49	proxy_connect_timeout 300; # Some requests take more than 30 seconds.
47	50	proxy_redirect off;
...	...