Skip to content

cloudflare/cf-nocompress

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
cf-nocompress
cf-nocompress
 
 
example_attack
example_attack
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
nginx.patch
nginx.patch
 
 

Repository files navigation

cf-nocompress

The repository contains a proof of concept mitigation for compression oracle attacks as detailed here. The repository is split into two folders. The first, cf-nocompress, contains an NGINX plugin that uses selective compression to mitigate such attacks. The second, example_attack, is a tool which can verify if a website is vulnerable to the attack.

The websites https://compression.website/ and https://compression.website/unsafe/ demonstrate this mitigation in action.

About

An nginx module to prevent generic compression oracles

blog.cloudflare.com/a-solution-to-compression-oracles-on-the-web/

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

10 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages