Welcome! Log In Create A New Profile

Advanced

What are NGINX reverse proxy users doing to prevent HTTP Request smuggling?

Sai Vishnu Soudri (ssoudri)
December 10, 2021 06:48AM
Hi everyone,

I'm a new NGINX user and I want to understand what NGINX reverse proxy users are doing to mitigate HTTP request smuggling vulnerability. I understand that NGINX does not support sending HTTP/2 requests upstream.

Since the best way to prevent HTTP Request Smuggling is by sending HTTP/2 requests end to end. I believe NGINX when used as a reverse proxy could expose my backend server to HTTP request smuggling when it converts incoming HTTP/2 requests to HTTP/1.1 before sending it upstream.

Apart from the web application firewall (WAF) from NGINX App Protect, is there any other solution to tackle this vulnerability? I am relatively new to NGINX and reverse proxies, if NGINX or its users does have an alternate solution, please do share.

Thank you.
Regards,
Sai Vishnu Soudri
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

What are NGINX reverse proxy users doing to prevent HTTP Request smuggling?

Sai Vishnu Soudri (ssoudri) December 10, 2021 06:48AM

Re: What are NGINX reverse proxy users doing to prevent HTTP Request smuggling?

Maxim Dounin December 13, 2021 05:20PM

Re: What are NGINX reverse proxy users doing to prevent HTTP Request smuggling?

Sai Vishnu Soudri (ssoudri) December 14, 2021 09:52AM

Re: What are NGINX reverse proxy users doing to prevent HTTP Request smuggling?

Maxim Dounin December 14, 2021 05:18PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 92
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready