OT: Rapid Reset attacks on HTTP/2
Jeffrey Walton
noloader at gmail.com
Tue Oct 10 18:50:37 UTC 2023
Hi Everyone,
This just made my radar:
<https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html>.
>From the article:
F5, in an independent advisory of its own, said the attack impacts the
NGINX HTTP/2 module and has urged its customers to update their NGINX
configuration to limit the number of concurrent streams to a default of
128 and persist HTTP connections for up to 1000 requests.
Jeff
More information about the nginx
mailing list