|
Lines 37-42
Link Here
|
| 37 |
</summary> |
37 |
</summary> |
| 38 |
<seealso><a href="../filter.html">Filters</a></seealso> |
38 |
<seealso><a href="../filter.html">Filters</a></seealso> |
| 39 |
|
39 |
|
|
|
40 |
<section id="supportedenc"><title>Supported Encodings</title> |
| 41 |
<p> |
| 42 |
Does the module support only gzip? The answer needs some background: |
| 43 |
<a href="http://www.gzip.org/zlib/zlib_faq.html#faq38">http://www.gzip.org/zlib/zlib_faq.html#faq38</a></p> |
| 44 |
|
| 45 |
<note> |
| 46 |
<p>What's the difference between the "gzip" and "deflate" HTTP 1.1 encodings?</p> |
| 47 |
|
| 48 |
<p>"gzip" is the gzip format, and "deflate" is the zlib format. They should probably have called the second one "zlib" instead to avoid confusion with the raw deflate compressed data format. While the HTTP 1.1 RFC 2616 correctly points to the zlib specification in RFC 1950 for the "deflate" transfer encoding, there have been reports of servers and browsers that incorrectly produce or expect raw deflate data per the deflate specficiation in RFC 1951, most notably Microsoft. So even though the "deflate" transfer encoding using the zlib format would be the more efficient approach (and in fact exactly what the zlib format was designed for), using the "gzip" transfer encoding is probably more reliable due to an unfortunate choice of name on the part of the HTTP 1.1 authors. </p> |
| 49 |
|
| 50 |
<p>Bottom line: use the gzip format for HTTP 1.1 encoding.</p> |
| 51 |
</note> |
| 52 |
</section> |
| 53 |
|
| 40 |
<section id="recommended"><title>Sample Configurations</title> |
54 |
<section id="recommended"><title>Sample Configurations</title> |
| 41 |
<note type="warning"><title>Compression and TLS</title> |
55 |
<note type="warning"><title>Compression and TLS</title> |
| 42 |
<p>Some web applications are vulnerable to an information disclosure |
56 |
<p>Some web applications are vulnerable to an information disclosure |