diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2014-10-25 12:07:38 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2014-10-25 12:07:38 -0200 |
| commit | f815712b22010de23cc5ec255c6b1a15ca28b1c8 (patch) | |
| tree | 4a9b66e4e4be208addb2925071db208cdde6ac62 | |
| parent | aabdff0f60ef75cc6a8e2fcb25a85e05a407e657 (diff) | |
| download | puppet-apache-f815712b22010de23cc5ec255c6b1a15ca28b1c8.tar.gz puppet-apache-f815712b22010de23cc5ec255c6b1a15ca28b1c8.tar.bz2 | |
Disable compression (BREACH)
| -rw-r--r-- | manifests/init.pp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 9caf35e..cbdd051 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -82,6 +82,14 @@ class apache( require => Package["apache"], } + # disable compression + # prevents BREACH attack + # see https://superuser.com/questions/627413/how-do-i-disable-http-level-compression + module { [ "deflate", "gzip" ]: + ensure => absent, + require => Package["apache"], + } + # apache mod_macro configuration file { "${macros}": ensure => present, |