WebFaction

In light of the newly published vulnerability for sites served over HTTPS + compression, what steps is WebFaction taking to protect our applications? (see report here)

The number one recommendation to defeat the attack is to disable compression for data served over SSL. However, this option is not open to WebFaction customers since gzip is enabled on the Nginx front-end server, which of course is out of our control. The other recommendations are either ineffective (add random bytes to the response) or difficult to implement.

Will WebFaction disable gzip compression for websites served via HTTPS?

UPDATE: This is a duplicate of http://community.webfaction.com/questions/14236/webfaction-and-breach-attack

asked 07 Aug '13, 08:57


CLawlor

edited 07 Aug '13, 10:15


Yes, we'll be disabling gzip compression for websites served via HTTPS in the coming days, after we've done a bit of testing.


answered 07 Aug '13, 10:19


seanf ♦♦


question asked: 07 Aug '13, 08:57

question was seen: 1,917 times

last updated: 08 Aug '13, 03:37
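
For operators who do control their own nginx configuration, the check below is an added example (not part of the original thread, and not WebFaction's configuration or tooling): it resolves nginx's `gzip` inheritance and lists the TLS server blocks where compression is still effectively on. The sample config, host names and function names are constructed for illustration; `include` files and the legacy `ssl on;` directive are not handled.

```python
import re

# Constructed sample config (not WebFaction's): gzip is switched on once at
# http level, so every server block inherits it unless it overrides it.
SAMPLE_CONF = """
http {
    gzip on;
    server { listen 80; server_name plain.example; }
    server { listen 443 ssl; server_name inherits.example; }
    server {
        listen 443 ssl; server_name fixed.example; gzip off;
        location /static/ { gzip on; }
    }
}
"""

def parse(conf):
    """Build a block tree. Simplified: no include files, no quoted braces."""
    root = {"kind": "main", "head": "main", "kids": []}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf)):
        words = pending.split() or [""]
        if tok == "{":
            node = {"kind": words[0], "head": " ".join(words), "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and words[0] in ("gzip", "listen", "server_name"):
            stack[-1].setdefault(words[0], []).extend(words[1:])
        elif tok != ";":
            pending = tok
    return root

def https_gzip_findings(conf):
    """Return (server_name, context) pairs where TLS responses may be gzipped."""
    findings = []
    def walk(node, server, inherited):
        server = node if node["kind"] == "server" else server
        own = node["gzip"][-1] == "on" if "gzip" in node else None
        eff = inherited if own is None else own      # nearest setting wins
        hit = eff if node is server else (node["kind"] == "location" and own)
        if server and "ssl" in server.get("listen", []) and hit:
            findings.append((" ".join(server.get("server_name", ["?"])), node["head"]))
        for kid in node["kids"]:
            walk(kid, server, eff)
    walk(parse(conf), None, False)                   # nginx default: gzip off
    return findings
```

Calling `https_gzip_findings(SAMPLE_CONF)` flags the server that silently inherits `gzip on` from the `http` block and the `location` that re-enables it inside an otherwise fixed server.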
