[Bug 251684] www/apache24: enable mod_brotli by default

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 22 Feb 2022 22:08:03 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251684

Rafael Grether <devnull@apt322.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |devnull@apt322.org

--- Comment #1 from Rafael Grether <devnull@apt322.org> ---
Despite the mod_brotli is supported by the vast majority of current web
browsers, some web applications are vulnerable to an information disclosure
attack when a TLS connection carries compressed data, according
https://httpd.apache.org/docs/trunk/mod/mod_brotli.html

So, for security reasons, I think and suggest mantain brotli module disabled by
default.
Manually, you can perform a "make config" and check Brotli support.

-- 
You are receiving this mail because:
You are the assignee for the bug.