Attachment 33384 Details for Bug 57813 – If statements plus supported encodings (bug 53121)

[patch] If statements plus supported encodings (bug 53121)

mod_deflate_patch.txt (text/plain), 2.91 KB, created by Luca Toscano on 2015-12-29 21:40:17 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Luca Toscano

Created: 2015-12-29 21:40:17 UTC

Size: 2.91 KB

patch

obsolete

>Index: ../mod/mod_deflate.xml
>===================================================================
>--- ../mod/mod_deflate.xml	(revision 1721920)
>+++ ../mod/mod_deflate.xml	(working copy)
>@@ -37,6 +37,20 @@
> </summary>
> <seealso><a href="../filter.html">Filters</a></seealso>
> 
>+<section id="supportedenc"><title>Supported Encodings</title>
>+  <p>
>+  Does the module support only gzip? The answer needs some background:
>+  <a href="http://www.gzip.org/zlib/zlib_faq.html#faq38">http://www.gzip.org/zlib/zlib_faq.html#faq38</a></p>
>+
>+  <note>
>+  <p>What's the difference between the "gzip" and "deflate" HTTP 1.1 encodings?</p>
>+
>+<p>"gzip" is the gzip format, and "deflate" is the zlib format. They should probably have called the second one "zlib" instead to avoid confusion with the raw deflate compressed data format. While the HTTP 1.1 RFC 2616 correctly points to the zlib specification in RFC 1950 for the "deflate" transfer encoding, there have been reports of servers and browsers that incorrectly produce or expect raw deflate data per the deflate specficiation in RFC 1951, most notably Microsoft. So even though the "deflate" transfer encoding using the zlib format would be the more efficient approach (and in fact exactly what the zlib format was designed for), using the "gzip" transfer encoding is probably more reliable due to an unfortunate choice of name on the part of the HTTP 1.1 authors. </p>
>+
>+<p>Bottom line: use the gzip format for HTTP 1.1 encoding.</p>
>+</note>
>+</section>
>+
> <section id="recommended"><title>Sample Configurations</title>
>     <note type="warning"><title>Compression and TLS</title>
>         <p>Some web applications are vulnerable to an information disclosure
>@@ -174,7 +188,7 @@
>     <example><title>Example</title>
>     <highlight language="config">
>       Header set Vary *
>-      </highlight>
>+    </highlight>
>     </example>
> </section>
> 
>@@ -191,17 +205,15 @@
> &lt;IfModule mod_headers.c&gt;
>     # Serve gzip compressed CSS files if they exist
>     # and the client accepts gzip.
>-    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
>-    RewriteCond "%{REQUEST_FILENAME}\.gz" "-s"
>-    RewriteRule "^(.*)\.css"              "$1\.css\.gz" [QSA]
>-
>+    &lt;If "%{HTTP:Accept-encoding} =~ /gzip/ &amp;&amp; -s '%{REQUEST_FILENAME}\.gz'"&gt;
>+        RewriteRule "^(.*)\.css"  "$1\.css\.gz" [QSA]
>+    &lt;/If&gt;
>     # Serve gzip compressed JS files if they exist
>     # and the client accepts gzip.
>-    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
>-    RewriteCond "%{REQUEST_FILENAME}\.gz" "-s"
>-    RewriteRule "^(.*)\.js"               "$1\.js\.gz" [QSA]
>-
>-
>+    &lt;If "%{HTTP:Accept-encoding} =~ /gzip/ &amp;&amp; -s '%{REQUEST_FILENAME}\.gz'"&gt;
>+        RewriteRule "^(.*)\.js"  "$1\.js\.gz" [QSA]
>+    &lt;/If&gt;
>+  
>     # Serve correct content types, and prevent mod_deflate double gzip.
>     RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
>     RewriteRule "\.js\.gz$"  "-" [T=text/javascript,E=no-gzip:1]

Actions: View | Diff

Attachments on bug 57813: 33384