<div dir="ltr">Hi,<div><br></div><div>Thanks for the insight.</div><div><br></div><div>Finally I solved it with:</div><div><br></div><div><div>if ($scheme = https) {</div><div> gzip off;</div><div>}</div></div><div><br></div>
<div>Separating into two servers requires duplicating rules like rewrite, which is cumbersome.</div><div><br></div><div>Thanks anyway</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Sat, Aug 17, 2013 at 8:43 PM, Igor Sysoev <span dir="ltr">&lt;<a href="mailto:igor@sysoev.ru" target="_blank">igor@sysoev.ru</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><div><div class="im"><div>On Aug 17, 2013, at 8:59 , howard chen wrote:</div><br><blockquote type="cite"><div dir="ltr">Hi,<div><br></div><div>As you know, due to the BREACH attack (<a href="http://breachattack.com/" target="_blank">http://breachattack.com</a>), HTTP compression is no longer safe (I assume nginx doesn't use SSL compression by default?), so we should disable it.</div>
</div></blockquote><div><br></div></div><div>Yes, modern nginx versions do not use SSL compression.</div><div class="im"><br><blockquote type="cite"><div dir="ltr">
<div>Now, we are using a config like the following:</div><div><br></div><div><div> gzip on;</div><div> ..</div><div> </div><div> server {</div><div> listen 127.0.0.1:80 default_server;</div>
<div> listen 127.0.0.1:443 default_server ssl;</div><div> </div><div> </div></div><div><br></div><div>With the need to split into two server sections, is it possible to turn off gzip when we are using SSL?</div>
</div></blockquote></div></div><div><br></div>You have to split the dual mode server section into two server sections and set "gzip off" in the<div>SSL-enabled one. There is no way to disable gzip in a dual mode server section, but if you really</div>
<div>worry about security in general the server sections should be different.<span class="HOEnZb"><font color="#888888"><br><div><br><div>
<br>
-- <br>Igor Sysoev<br><a href="http://nginx.com/services.html" target="_blank">http://nginx.com/services.html</a>
</div>
<br></div></font></span></div></div><br>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br></blockquote></div><br></div>
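<div>The split described in the quoted reply, written out as an added example that is not part of either message: the two server sections share one include file so rewrites are not duplicated. The file name shared_rules.conf, the host name example.test and the certificate paths are assumed placeholders.</div>

```nginx
# Added illustration, not configuration from the thread.
# shared_rules.conf, example.test and the TLS file paths are placeholders.

events {}

http {
    gzip on;    # inherited by every server block that does not override it

    # Plain-HTTP listener: keeps the inherited "gzip on".
    server {
        listen 127.0.0.1:80 default_server;
        server_name example.test;

        # Rewrites and locations live in one file used by both servers.
        include shared_rules.conf;
    }

    # TLS listener: response compression disabled, so the compressed
    # length of a page cannot be used as a BREACH side channel.
    server {
        listen 127.0.0.1:443 default_server ssl;
        server_name example.test;

        ssl_certificate     /etc/nginx/tls/example.test.crt;
        ssl_certificate_key /etc/nginx/tls/example.test.key;

        gzip off;    # overrides the http-level "gzip on" for this server only

        include shared_rules.conf;
    }
}
```

<div>The gzip directive is accepted inside "if" only when that "if" is in a location block, so the $scheme test has to be repeated in each location, whereas the split above covers the whole TLS server. Run nginx -t after the change to confirm the configuration parses.</div>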