Skip to content

Commit

Permalink
[DOCS] Fix default for http.compression setting (#56899)
Browse files Browse the repository at this point in the history 
Elasticsearch enables HTTP compression by default. However, to mitigate
potential security risks like the BREACH attack, compression is disabled by
default if HTTPS is enabled.

This updates the `http.compression` setting definition accordingly and adds
additional context.
  • Loading branch information
@Leaf-Lin
Leaf-Lin authored May 20, 2020
1 parent 4039849 commit 7d15755
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion docs/reference/modules/http.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,12 @@ to `4kb`


|`http.compression` |Support for compression when possible (with
Accept-Encoding). Defaults to `true`.
Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults
to `true`.

Disabling compression for HTTPS mitigates potential security risks, such as a
https://en.wikipedia.org/wiki/BREACH[BREACH attack]. To compress HTTPS traffic,
you must explicitly set `http.compression` to `true`.

|`http.compression_level` |Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression)
and 9 (maximum compression). Defaults to `3`.
Expand Down

0 comments on commit 7d15755

Please sign in to comment.