
Since NGINX does not support sending HTTP/2 requests upstream, what are present NGINX reverse proxy users doing to mitigate the HTTP Request Smuggling vulnerability?

I understand that the best way to prevent HTTP Request Smuggling is by sending HTTP/2 requests end to end. Since NGINX, when used as a reverse proxy, sends requests upstream using HTTP/1.1, I believe this exposes the backend to HTTP Request Smuggling.

Apart from the web application firewall (WAF) from NGINX App Protect, is there any other solution to tackle this vulnerability? I am relatively new to NGINX and reverse proxies. If NGINX does have an alternate solution, please do share.

Thank you

  • I am unsure, but I believe that this question would be a better fit on security instead of here, even if it's an interesting-sounding question – djdomi Dec 07 '21 at 15:15
  • I've posted the question here because this involves understanding how Nginx and its users tackle the vulnerability. Could you please share the link for security if that's a different forum? I'll post the question there as well. – Sai Vishnu Dec 08 '21 at 07:37
  • I think it's: https://security.stackexchange.com/ – djdomi Dec 08 '21 at 18:40
  • Thank you. I have posted the question there as well. – Sai Vishnu Dec 09 '21 at 06:29

0 Answers