http-length-hiding-filter #
1. Disabling HTTP compression 2. Separating secrets from user input 3. Randomizing secrets per request 4. Masking secrets (effectively randomizing by XORing with a random secret per request) 5. Protecting vulnerable pages with CSRF 6. Length hiding (by adding random number of bytes to the responses) 7. Rate-limiting th
Source: upstream source
Directives
length_hiding #
syntax: length_hiding on | off · default: off · context: http, server, location, if in location
Enables or disables adding random generated HTML comment.
length_hiding_max #
syntax: length_hiding_max size · default: 2048 · context: http, server, location
Sets maximum length of random generated string used in HTML comment. The size should be within a range from 256 and 2048.
length_hiding_types #
syntax: length_hiding_types <mime_type> [..] · default: text/html · context: http, server, location, if in location
Enables adding random generated HTML comment to responses of the specified MIME types in addition to text/html. The special value * matches any MIME type.
Example
server {
listen 443 default_server deferred ssl http2;
server_name example.com;
length_hiding_max 1024;
location /hiding {
length_hiding on;
}
}