From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 25 Oct 2014 14:07:38 +0000 (-0200)
Subject: Disable compression (BREACH)
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=f815712b22010de23cc5ec255c6b1a15ca28b1c8;p=puppet-apache.git

Disable compression (BREACH)
---

diff --git a/manifests/init.pp b/manifests/init.pp
index 9caf35e..cbdd051 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -82,6 +82,14 @@ class apache(
     require => Package["apache"],
   }
 
+  # disable compression
+  # prevents BREACH attack
+  # see https://superuser.com/questions/627413/how-do-i-disable-http-level-compression
+  module { [ "deflate", "gzip" ]:
+    ensure  => absent,
+    require => Package["apache"],
+  }
+
   # apache mod_macro configuration
   file { "${macros}":
     ensure  => present,