How to turn off gzip compression for SSL traffic

howard chen howachen at gmail.com
Sun Aug 18 10:27:48 UTC 2013


Hi,

Thanks for the insight.

Finally I solved by:

if ($scheme = https) {
    gzip off;
}

Separating into two servers require to duplicate the rules like rewrite,
which is cumbersome.

Thanks anyway




On Sat, Aug 17, 2013 at 8:43 PM, Igor Sysoev <igor at sysoev.ru> wrote:

> On Aug 17, 2013, at 8:59 , howard chen wrote:
>
> Hi,
>
> As you know, due the breach attack (http://breachattack.com), HTTP
> compression is no longer safe (I assume nginx don't use SSL compression by
> default?), so we should disable it.
>
>
> Yes, modern nginx versions do not use SSL compression.
>
> Now, We are using config like the following:
>
>     gzip on;
>     ..
>
>     server {
>         listen 127.0.0.1:80 <http://127.0.0.1/> default_server;
>         listen 127.0.0.1:443 default_server ssl;
>
>
>
> With the need to split into two servers section, is it possible to turn
> off gzip when we are using SSL?
>
>
> You have to split the dual mode server section into two server server
> sections and set "gzip off"
> SSL-enabled on. There is no way to disable gzip in dual mode server
> section, but if you really
> worry about security in general the server sections should be different.
>
>
> --
> Igor Sysoev
> http://nginx.com/services.html
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130818/95da45e8/attachment.html>


More information about the nginx mailing list