Hi everyone, I'm a new NGINX user and I want to understand what NGINX reverse proxy users are doing to mitigate HTTP request smuggling vulnerability. I understand that NGINX does not support sending HTTP/2 requests upstream.
Since the best way to prevent HTTP Request Smuggling is by sending HTTP/2 requests end to end. I believe NGINX when used as a reverse proxy could expose my backend server to HTTP request smuggling when it converts incoming HTTP/2 requests to HTTP/1.1 before sending it upstream. Apart from the web application firewall (WAF) from NGINX App Protect, is there any other solution to tackle this vulnerability? I am relatively new to NGINX and reverse proxies, if NGINX or its users does have an alternate solution, please do share. Thank you. Regards, Sai Vishnu Soudri
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
