From d296edef8e776aab55d969603bdd6e2345b8d6b5 Mon Sep 17 00:00:00 2001
From: Takashi Sato <takashi@apache.org>
Date: Fri, 23 May 2014 20:50:17 +0000
Subject: [PATCH] Merge r1517551, r1517588 and r1517589 from trunk

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1597179 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_deflate.xml | 45 +++++----------------------------
 1 file changed, 7 insertions(+), 38 deletions(-)

diff --git a/docs/manual/mod/mod_deflate.xml b/docs/manual/mod/mod_deflate.xml
index ab4a99a5c1..a8da0c2455 100644
--- a/docs/manual/mod/mod_deflate.xml
+++ b/docs/manual/mod/mod_deflate.xml
@@ -54,6 +54,11 @@ client</description>
 </section>
 
 <section id="enable"><title>Enabling Compression</title>
+    <note type="warning"><title>Compression and TLS</title>
+        <p>Some web applications are vulnerable to an information disclosure
+        attack when a TLS connection carries deflate compressed data. For more
+        information, review the details of the "BREACH" family of attacks.</p>
+    </note>
 
     <section id="output"><title>Output Compression</title>
       <p>Compression is implemented by the <code>DEFLATE</code>
@@ -62,15 +67,10 @@ client</description>
       is placed:</p>
 
       <highlight language="config">
-        SetOutputFilter DEFLATE
+SetOutputFilter DEFLATE
+SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip 
       </highlight>
 
-      <p>Some popular browsers cannot handle compression of all content
-      so you may want to set the <code>gzip-only-text/html</code> note to
-      <code>1</code> to only allow html files to be compressed (see
-      below). If you set this to <em>anything but <code>1</code></em> it
-      will be ignored.</p>
-
       <p>If you want to restrict the compression to particular MIME types
       in general, you may use the <directive module="mod_filter"
       >AddOutputFilterByType</directive> directive. Here is an example of
@@ -83,37 +83,6 @@ client</description>
 &lt;/Directory&gt;
       </highlight>
 
-      <p>For browsers that have problems even with compression of all file
-      types, use the <directive module="mod_setenvif"
-      >BrowserMatch</directive> directive to set the <code>no-gzip</code>
-      note for that particular browser so that no compression will be
-      performed. You may combine <code>no-gzip</code> with <code
-      >gzip-only-text/html</code> to get the best results. In that case
-      the former overrides the latter. Take a look at the following
-      excerpt from the <a href="#recommended">configuration example</a>
-      defined in the section above:</p>
-
-      <highlight language="config">
-BrowserMatch ^Mozilla/4         gzip-only-text/html
-BrowserMatch ^Mozilla/4\.0[678] no-gzip
-BrowserMatch \bMSIE             !no-gzip !gzip-only-text/html
-      </highlight>
-
-      <p>At first we probe for a <code>User-Agent</code> string that
-      indicates a Netscape Navigator version of 4.x. These versions
-      cannot handle compression of types other than
-      <code>text/html</code>. The versions 4.06, 4.07 and 4.08 also
-      have problems with decompressing html files. Thus, we completely
-      turn off the deflate filter for them.</p>
-
-      <p>The third <directive module="mod_setenvif">BrowserMatch</directive>
-      directive fixes the guessed identity of the user agent, because
-      the Microsoft Internet Explorer identifies itself also as "Mozilla/4"
-      but is actually able to handle requested compression. Therefore we
-      match against the additional string "MSIE" (<code>\b</code> means
-      "word boundary") in the <code>User-Agent</code> Header and turn off
-      the restrictions defined before.</p>
-
       <note><title>Note</title>
         The <code>DEFLATE</code> filter is always inserted after RESOURCE
         filters like PHP or SSI. It never touches internal subrequests.
-- 
2.40.0