OT: Rapid Reset attacks on HTTP/2
Jérémy Lal
kapouer at melix.org
Tue Oct 10 18:55:10 UTC 2023
Hi,
from the article, these are the default values, so not too much to worry
yet.
Le mar. 10 oct. 2023 à 20:51, Jeffrey Walton <noloader at gmail.com> a écrit :
> Hi Everyone,
>
> This just made my radar:
> <https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html>.
>
> From the article:
>
> F5, in an independent advisory of its own, said the attack impacts the
> NGINX HTTP/2 module and has urged its customers to update their NGINX
> configuration to limit the number of concurrent streams to a default of
> 128 and persist HTTP connections for up to 1000 requests.
>
> Jeff
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20231010/494847b7/attachment.htm>
More information about the nginx
mailing list