HTTP/2 Rapid Reset Attack Impacting NGINX Products

edited October 12 in Technical

Double check your nginx config.

Mod Edit for context follows.

This blog post centers on a vulnerability that was recently discovered related to the HTTP/2 protocol. Under certain conditions, this vulnerability can be exploited to execute a denial-of-service attack on NGINX Open Source, NGINX Plus, and related products that implement the server-side portion of the HTTP/2 specification. To protect your systems from this attack, we’re recommending an immediate update to your NGINX configuration. ....

Thanked by (1)FrankZ


  • well, why don't you put an example which config is vulnerable and how's the advice on how to update it?

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • ialexpwialexpw OGServices Provider

    Seems that most default settings are OK, it's only if you've changed settings related keepalive requests or max streams.

    Relevant snippet;

    Thanked by (2)ATInDaHause xleet

    Syuh - sftp, rsync & rclone accessible storage from 50GB to TBs.

Sign In or Register to comment.