honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-23 13:26:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Fix default for http.compression setting (#56899) (#57002)

Browse Source 
Elasticsearch enables HTTP compression by default. However, to mitigate
potential security risks like the BREACH attack, compression is disabled by
default if HTTPS is enabled.

This updates the `http.compression` setting definition accordingly and adds
additional context.

Co-authored-by: Leaf-Lin <39002973+Leaf-Lin@users.noreply.github.com>
This commit is contained in:
James Rodewig 2020-05-20 12:12:05 -04:00 committed by GitHub
parent 381ed235e9
commit b7c6f0d02f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/reference/modules/http.asciidoc
View File

@ -48,7 +48,12 @@ to `4kb`
|`http.compression` |Support for compression when possible (with
Accept-Encoding). Defaults to `true`.
Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults
to `true`.
Disabling compression for HTTPS mitigates potential security risks, such as a
https://en.wikipedia.org/wiki/BREACH[BREACH attack]. To compress HTTPS traffic,
you must explicitly set `http.compression` to `true`.
|`http.compression_level` |Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression)
and 9 (maximum compression). Defaults to `3`.