Disable compression (BREACH)

author Silvio Rhatto <rhatto@riseup.net>

Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)
diff --git a/manifests/init.pp b/manifests/init.pp

index 9caf35efc4b297e62567c78c1c896649f87c0b06..cbdd051aec9dcc0ef373c3d32f941b3c30599c2f 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -82,6 +82,14 @@ class apache(
      require => Package["apache"],
    }
  
+  # disable compression
+  # prevents BREACH attack
+  # see https://superuser.com/questions/627413/how-do-i-disable-http-level-compression
+  module { [ "deflate", "gzip" ]:
+    ensure  => absent,
+    require => Package["apache"],
+  }
+
    # apache mod_macro configuration
    file { "${macros}":
      ensure  => present,
author	Silvio Rhatto <rhatto@riseup.net>
	Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sat, 25 Oct 2014 14:07:38 +0000 (12:07 -0200)