http-length-hiding-filter #

1. Disabling HTTP compression 2. Separating secrets from user input 3. Randomizing secrets per request 4. Masking secrets (effectively randomizing by XORing with a random secret per request) 5. Protecting vulnerable pages with CSRF 6. Length hiding (by adding random number of bytes to the responses) 7. Rate-limiting th

Source: upstream source

Directives

length_hiding #

syntax: length_hiding on | off  ·  default: off  ·  context: http, server, location, if in location

Enables or disables adding random generated HTML comment.

length_hiding_max #

syntax: length_hiding_max size  ·  default: 2048  ·  context: http, server, location

Sets maximum length of random generated string used in HTML comment. The size should be within a range from 256 and 2048.

length_hiding_types #

syntax: length_hiding_types <mime_type> [..]  ·  default: text/html  ·  context: http, server, location, if in location

Enables adding random generated HTML comment to responses of the specified MIME types in addition to text/html. The special value * matches any MIME type.

Example

server {
    listen       443 default_server deferred ssl http2;
    server_name  example.com;
    length_hiding_max 1024;

    location /hiding {
        length_hiding on;
    }
}

↑ back to index