H2C smuggling in Nginx config rule does not pass when following recommended mitigation

**Describe the bug**

The rules's mitigtation advise says to hardcode the header to `Upgrade websocket` to avoid the possibility of H2C smuggling. However, even when implementing that mitigation, the rule continues to fail.

**To Reproduce**

Any socket.io style nginx proxy setup.

**Expected behavior**

The rule should not fire false positives when the suggested mitigtation actions are implemented.

**Priority**
How important is this to you?
- [x] P0: blocking me from making progress
- [ ] P1: this will block me in the near future
- [ ] P2: annoying but not blocking me

**Additional Context**

PR created with fix: #3767

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

H2C smuggling in Nginx config rule does not pass when following recommended mitigation #3768

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

H2C smuggling in Nginx config rule does not pass when following recommended mitigation #3768

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions