From 51f09531c48427991a0b047498aec8e706797713 Mon Sep 17 00:00:00 2001 From: Norm Date: Mon, 17 Jun 2024 23:13:55 -0400 Subject: [PATCH] Disable gzip compression in Caddyfile Currently Akkoma doesn't have any proper mitigations against BREACH, which exploits the use of HTTP compression to exfiltrate sensitive data. (see: https://akkoma.dev/AkkomaGang/akkoma/pulls/721#issuecomment-11487) To err on the side of caution, disable gzip compression for now until we can confirm that there's some sort of mitigation in place (whether that would be Heal-The-Breach on the Caddy side or any Akkoma-side mitigations). --- installation/caddy/Caddyfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/installation/caddy/Caddyfile b/installation/caddy/Caddyfile index 6deee74d2..3322acc69 100644 --- a/installation/caddy/Caddyfile +++ b/installation/caddy/Caddyfile @@ -12,8 +12,6 @@ example.tld { output file /var/log/caddy/akkoma.log } - encode gzip - # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 reverse_proxy 127.0.0.1:4000
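Review bot: The deletion of `encode gzip` (between the `log` block and the `reverse_proxy` comment) leaves nothing in the sample Caddyfile that says why compression is off, so an admin tuning for bandwidth may add it back without ever seeing the BREACH rationale, which lives only in the commit message. Consider putting a short comment in that spot instead of removing both lines outright, for example `# compression intentionally left disabled until a BREACH mitigation is in place (see pulls/721)`, so the reasoning travels with the config. Note also that this only changes the template under `installation/caddy/`; instances that already copied the old file keep `encode gzip` until their admins edit it, so a changelog or upgrade note would be worth adding alongside this change.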