1

The recent update to zlib due to a security hole appears to cause a major problem when serving PHP-FPM 8.0 via nginx on Ubuntu focal. Any requests with a gzip encoding fail right at the start of the response, though nginx logs the requests as successful and with the correct size. If I make requests without an Accept-Encoding header, it works perfectly. As a workaround, I'm trying to disable all gzip support, but it seems to be remarkably persistent... So far I have tried these settings in nginx:

```
gzip off;
fastcgi_buffering off;
add_header Accept-Encoding "";
proxy_set_header Accept-Encoding "";
```

and I've also checked that there are no other directives that turn these back on again by grepping nginx -T output.

However, if I dump the request headers from PHP (i.e. after it's been through nginx), I still see this accept header:

```
Accept-Encoding: deflate, gzip, br, zstd
```

so nginx is not stripping it from the request before it's passed through to PHP-FPM. I've tried setting these directives at the server and location levels, with the same results.

In PHP I've disabled all output buffering, but it doesn't appear to be possible to disable zlib without a recompile.

How can I get nginx to strip this request header so that neither nginx nor PHP will compress responses?

Synchro

1 Answer

0

The `proxy_set_header` directive is for proxying requests, i.e. for passing them through an HTTP-to-HTTP-server chain. You have a FastCGI server next in the chain, so your set of directives starts with `fastcgi_`.

You can completely disable passing request headers to PHP by setting `fastcgi_pass_request_headers` to off, or you can drop the specific header by resetting it with `fastcgi_set_header`.

drookie
  • I'm running the nginx-extra package with all bells and whistles, but nginx tells me that the `fastcgi_set_header` directive doesn't exist. – Synchro Apr 01 '22 at 15:13
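
In stock nginx, request headers reach the FastCGI server as `HTTP_*` parameters, and a `fastcgi_param` whose name starts with `HTTP_` replaces the client's header of that name. The fragment below is an added example, not part of the original question or answer; the server name, document root, location pattern and socket path are assumptions for a typical Ubuntu PHP-FPM 8.0 setup.

```nginx
server {
    listen 80;
    server_name example.test;          # placeholder name (assumption)
    root /var/www/html;                # assumed document root

    # Keep nginx itself from compressing responses.
    gzip off;

    location ~ \.php$ {
        # fastcgi_param directives are inherited from the outer level only
        # when this level defines none, so include the standard set here.
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Overrides the client's Accept-Encoding header as seen by PHP:
        # $_SERVER['HTTP_ACCEPT_ENCODING'] becomes an empty string.
        fastcgi_param HTTP_ACCEPT_ENCODING "";

        fastcgi_pass unix:/run/php/php8.0-fpm.sock;   # assumed socket path
    }
}
```

After `nginx -t` and a reload, dumping the request headers from PHP as in the question should show an empty Accept-Encoding value.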