HTTP/2 Rapid Reset Attack Impacting F5 NGINX Products - NGINX

Analytics cookies are off for visitors from the UK or EEA unless they click Accept or submit a form on nginx.com. They’re on by default for everybody else. Follow the instructions here to deactivate analytics cookies. This deactivation will work even if you later click Accept or submit a form. Check this box so we and our advertising and social media partners can use cookies on nginx.com to better

[tmatsuu]

HTTP/2 Rapid Reset Attackの脆弱性、nginxも影響を受ける可能性があるが、keepalive_requestsとhttp2_max_concurrent_streamsのパラメータがデフォルトなら影響は小さい。さらに設定するならlimit_connとlimit_reqを検討してね

[Akaza]

“By relying on the default keepalive limit, NGINX prevents this type of attack.”