kittygirl

Asked: 2018-11-05 23:26:25 +0800 CST2018-11-05 23:26:25 +0800 CST 2018-11-05 23:26:25 +0800 CST

Can I use APACHE mod_deflate with HTTPS TLS?

My server is centos 7.4,with Apache 2.4.6,PHP 5.4,Mysql 5.5.
I plan to use mod_deflate to compress websites file as below:

<IfModule mod_deflate.c>
DeflateCompressionLevel 3
AddOutputFilterByType DEFLATE text/html text/xml text/css text/xml text/javascript application/x-javascript application/x-httpd-php
AddOutputFilter DEFLATE css js html htm xml  
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:pdf|mov|avi|mp3|mp4|rm)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</IfModule>

I think everything is ok but when I read this post:

Some web applications are vulnerable to an information disclosure attack when a TLS connection carries deflate compressed data. For more information, review the details of the "BREACH" family of attacks.

I am not a professional, I just want to know is there a way to safely use TLS HTTPS with compress function?
Thanks in advance!

Can I use APACHE mod_deflate with HTTPS TLS?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Can I use APACHE mod_deflate with HTTPS TLS?

0 Answers