From f815712b22010de23cc5ec255c6b1a15ca28b1c8 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 25 Oct 2014 12:07:38 -0200
Subject: Disable compression (BREACH)

---
 manifests/init.pp | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'manifests')

diff --git a/manifests/init.pp b/manifests/init.pp
index 9caf35e..cbdd051 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -82,6 +82,14 @@ class apache(
     require => Package["apache"],
   }
 
+  # disable compression
+  # prevents BREACH attack
+  # see https://superuser.com/questions/627413/how-do-i-disable-http-level-compression
+  module { [ "deflate", "gzip" ]:
+    ensure  => absent,
+    require => Package["apache"],
+  }
+
   # apache mod_macro configuration
   file { "${macros}":
     ensure  => present,
-- 
cgit v1.2.3