Merge branch 'breack-attack' into 'master'

Breack attack Fixes #1104

Merge branch 'breack-attack' into 'master'
Breack attack Fixes #1104
Dmitriy Zaporozhets
2 parents 8df66046 5307dd5f
Showing 1 changed file with 5 additions and 2 deletions Show diff stats
lib/support/nginx/gitlab
@@ -42,6 +42,10 @@ server {
   # if a file, which is not found in the root folder is requested,
   # then the proxy pass the request to the upsteam (gitlab unicorn)
   location @gitlab {
+    # If you use https make sure you disable gzip compression 
+    # to be safe against BREACH attack
+    # gzip off;
+
     proxy_read_timeout 300; # Some requests take more than 30 seconds.
     proxy_connect_timeout 300; # Some requests take more than 30 seconds.
     proxy_redirect     off;
@@ -63,5 +67,4 @@ server {
   }
  
   error_page 502 /502.html;
-}
-
+}
 \ No newline at end of file
...	...	@@ -42,6 +42,10 @@ server {
42	42	# if a file, which is not found in the root folder is requested,
43	43	# then the proxy pass the request to the upsteam (gitlab unicorn)
44	44	location @gitlab {
	45	+ # If you use https make sure you disable gzip compression
	46	+ # to be safe against BREACH attack
	47	+ # gzip off;
	48	+
45	49	proxy_read_timeout 300; # Some requests take more than 30 seconds.
46	50	proxy_connect_timeout 300; # Some requests take more than 30 seconds.
47	51	proxy_redirect off;
...	...	@@ -63,5 +67,4 @@ server {
63	67	}
64	68
65	69	error_page 502 /502.html;
66		-}
67		-
	70	+}
68	71	\ No newline at end of file
...	...