[DOCS] Fix default for http.compression setting (#56899)

Elasticsearch enables HTTP compression by default. However, to mitigate potential security risks like the BREACH attack, compression is disabled by default if HTTPS is enabled. This updates the `http.compression` setting definition accordingly and adds additional context. Co-authored-by: Leaf-Lin <[email protected]>
elastic · May 20, 2020 · 1bfd7ef · 1bfd7ef
1 parent 04f9733
commit 1bfd7ef
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/docs/reference/modules/http.asciidoc b/docs/reference/modules/http.asciidoc
@@ -47,7 +47,12 @@ to `4kb`
 
 
 |`http.compression` |Support for compression when possible (with
-Accept-Encoding). Defaults to `true`.
+Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults
+to `true`.
+
+Disabling compression for HTTPS mitigates potential security risks, such as a
+https://en.wikipedia.org/wiki/BREACH[BREACH attack]. To compress HTTPS traffic,
+you must explicitly set `http.compression` to `true`.
 
 |`http.compression_level` |Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression)
 and 9 (maximum compression). Defaults to `3`.