9Ara
What are NGINX reverseproxy users doing to prevent HTTP Request smuggling?
Since NGINX does not support sending HTTP/2 requests upstream, what are the present NGINX reverseproxy users doing to mitigate HTTP Request Smuggling vulnerability?
I understand that the best way to prevent HTTP Request Smuggling is by sending HTTP/2 requests end to end. Since NGINX when used as reverseproxy sends requests upstream using HTTP/1.1, I believe this exposes the backend to HTTP Request Smuggling.
Apart from the web application firewall(WAF) from NGINX App Protect, is there any other solution to tackle this vulnerability? I am relatively new to NGINX and reverse proxies, if NGINX does have an alternate solution, please do share.
Thank you
