A reminder that with the current trunk (and a few recent point releases) of Nginx, HTTP/2 can finally be set on the backend, mitigating for HTTP request 'smuggling' attacks through the rev proxy.

https://portswigger.net/web-security/request-smuggling

#infosec #sysadmin