Webfaction and BREACH attack

Though to some it may seem overblown, enough has been made in the past few days of the BREACH attack on SSL/TLS for the Django team to release an advisory. From what I can see, webfaction seems to add deflate compression to all SSL sites transparently through its nginx setup.

So, I suppose what I'm asking is whether there's a way to disable deflate compression for our webapps or whether Webfaction has some other mitigation plan for BREACH.

asked 06 Aug '13, 14:05

ris
5●4
accept rate: 0%

2 Answers:

active answers oldest answers newest answers popular answers

2	We'll be disabling gzip compression for websites served via HTTPS in the coming days, after we've done a bit of testing. permanent link answered 07 Aug '13, 10:19 seanf 12.2k●4●18●36 accept rate: 37%

Our Security team is researching possibilities involving this particular attack now. We currently have no other info, in the meantime you should perform the other recommendations in the above links, most importantly use CSRF on every form.

permanent link

answered 06 Aug '13, 17:41

johns
5.3k●3●12
accept rate: 23%

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

ssl ×93
gzip ×14
tls ×4
breach ×2
deflate ×1

question asked: 06 Aug '13, 14:05

question was seen: 2,337 times

last updated: 07 Aug '13, 10:19

Webfaction and BREACH attack

Follow this question

Related questions