HTTP/2 Rapid Reset Attack Impacting NGINX Products
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
Double check your nginx config.
Mod Edit for context follows.
This blog post centers on a vulnerability that was recently discovered related to the HTTP/2 protocol. Under certain conditions, this vulnerability can be exploited to execute a denial-of-service attack on NGINX Open Source, NGINX Plus, and related products that implement the server-side portion of the HTTP/2 specification. To protect your systems from this attack, we’re recommending an immediate update to your NGINX configuration. ....
Comments
Well, why don't you put an example of which config is vulnerable and the advice on how to update it?
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Seems that most default settings are OK; it's only if you've changed settings related to keepalive requests or max streams.
Relevant snippet;