In order to mitigate against the BREACH attack, I would like to selectively enable gzip only when $http_referer
's hostname matches one of my server names.
How would I do this? I tried using valid_referers server_names;
, but it seems like nginx doesn't allow gzip on
inside if statements. When I include this in my conf:
valid_referers server_names;
if ($invalid_referer = "") {
gzip on;
gzip_vary on;
}
I get [emerg] "gzip" directive is not allowed here
. The must be a way to selectively enable gzip.
The nginx documentation specifies that the gzip
option is allowed in the following contexts
Context: http, server, location, if in location
This means you need to wrap the gzip
switch inside a location
block.
gzip off;
server {
listen 80;
server_name localhost;
valid_referers server_names;
location / {
root /var/www/;
index index.html index.htm;
if ($invalid_referer = "") {
gzip on;
}
}
}