granicus.if.org Git - apache/commitdiff
add a warning about BREACH to the first two sample configurations.
author Eric Covener <covener@apache.org>
Mon, 26 Aug 2013 16:11:22 +0000 (16:11 +0000)
committer Eric Covener <covener@apache.org>
Mon, 26 Aug 2013 16:11:22 +0000 (16:11 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1517589 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_deflate.xml

index 783ca9c2817c1827f1f479f3003ee987ee932585..a8da0c245540167057e20e3f8fd49c2826f06ad5 100644 (file)
@@ -38,6 +38,11 @@ client</description>
 <seealso><a href="../filter.html">Filters</a></seealso>
 
 <section id="recommended"><title>Sample Configurations</title>
+    <note type="warning"><title>Compression and TLS</title>
+        <p>Some web applications are vulnerable to an information disclosure
+        attack when a TLS connection carries deflate compressed data. For more
+        information, review the details of the "BREACH" family of attacks.</p>
+    </note>
     <p>This is a simple configuration that compresses common text-based content types.</p>
 
     <example><title>Compress only a few types</title>
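Review bot: The note added at the top of `<section id="recommended">` names BREACH but gives the reader nothing to act on: it has no link or reference, and it does not say which responses are affected or what to change in the sample configuration that follows. Consider linking to a reference for the attack and adding one sentence on the condition (responses served over TLS that reflect request input in the same compressed body as a secret) and on the option of excluding such responses from compression. Minor wording point: "deflate compressed data" reads better hyphenated as "deflate-compressed data".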
@@ -49,6 +54,11 @@ client</description>
 </section>
 
 <section id="enable"><title>Enabling Compression</title>
+    <note type="warning"><title>Compression and TLS</title>
+        <p>Some web applications are vulnerable to an information disclosure
+        attack when a TLS connection carries deflate compressed data. For more
+        information, review the details of the "BREACH" family of attacks.</p>
+    </note>
 
     <section id="output"><title>Output Compression</title>
       <p>Compression is implemented by the <code>DEFLATE</code>
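Review bot: The note under `<section id="enable">` is a verbatim copy of the one added to `<section id="recommended">`, so the two can drift apart when only one is edited later. Suggest keeping the full text in one place and replacing this copy with a short cross-reference to it. Also, the commit message describes the target as the first two sample configurations, while this copy sits at the head of the "Enabling Compression" section, before the "Output Compression" subsection; worth confirming that this placement is intended.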