WebFaction
Community site: login faq

Though to some it may seem overblown, enough has been made in the past few days of the BREACH attack on SSL/TLS for the Django team to release an advisory. From what I can see, webfaction seems to add deflate compression to all SSL sites transparently through its nginx setup.

So, I suppose what I'm asking is whether there's a way to disable deflate compression for our webapps or whether Webfaction has some other mitigation plan for BREACH.

asked 06 Aug '13, 14:05

ris
54
accept rate: 0%


We'll be disabling gzip compression for websites served via HTTPS in the coming days, after we've done a bit of testing.

permanent link

answered 07 Aug '13, 10:19

seanf
12.1k21636
accept rate: 37%

Our Security team is researching possibilities involving this particular attack now. We currently have no other info, in the meantime you should perform the other recommendations in the above links, most importantly use CSRF on every form.

permanent link

answered 06 Aug '13, 17:41

johns ♦♦
5.2k211
accept rate: 23%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×92
×14
×4
×2
×1

question asked: 06 Aug '13, 14:05

question was seen: 1,964 times

last updated: 07 Aug '13, 10:19

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2016 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM