Welcome! Log In Create A New Profile

Re: OT: Rapid Reset attacks on HTTP/2

Forum List Message List New Topic Print View

Maxim Dounin

October 10, 2023 03:04PM

Hello!

On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote:

> Hi Everyone,
>
> This just made my radar:
> https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html.
>
> From the article:
>
> F5, in an independent advisory of its own, said the attack impacts the
> NGINX HTTP/2 module and has urged its customers to update their NGINX
> configuration to limit the number of concurrent streams to a default of
> 128 and persist HTTP connections for up to 1000 requests.

The "the attack impacts the NGINX HTTP/2 module" claim is
incorrect, see here:

https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html

Hope this helps.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
OT: Rapid Reset attacks on HTTP/2	noloader	October 10, 2023 02:52PM
Re: OT: Rapid Reset attacks on HTTP/2	kapouer	October 10, 2023 02:56PM
Re: OT: Rapid Reset attacks on HTTP/2	Maxim Dounin	October 10, 2023 03:04PM
Re: OT: Rapid Reset attacks on HTTP/2	noloader	October 10, 2023 03:48PM
Re: OT: Rapid Reset attacks on HTTP/2	Rick Gutierrez	October 10, 2023 05:32PM
Re: OT: Rapid Reset attacks on HTTP/2	Maxim Dounin	October 10, 2023 05:56PM
Re: OT: Rapid Reset attacks on HTTP/2	Rick Gutierrez	October 12, 2023 11:48AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 182

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018