Posted: Wed Aug 25, 2021 8:31 pm Post subject: [Article] Changes introduced by HTTP/2 support
Some details in Abyss Web Server had to be updated to accommodate HTTP/2 support:
Throttling in Abyss Web Server is now request-based. Some throttling parameters in previous versions referred to concurrent connections instead of concurrent requests since both counts are almost equivalent in HTTP/1.1.
But with HTTP/2's ability to multiplex multiple requests over the same connection, it was imperative to clarify the way throttling counters work.
The log file format contains an excerpt of the HTTP request known as the "Request line", which looks like:
GET /test.html HTTP/1.1
Since HTTP/2 uses special headers to report the request verb (:method = GET) and virtual path (:path = /test.html), logging has to generate a fake "Request line" to mimic HTTP/1.1 semantics and to be compatible with the way logs are written and expected by analysis software.
A fictitious request line is generated for logging with HTTP/2.0 and looks like:
GET /test.html HTTP/2.0
The anti-hacking feature monitors incoming traffic to the Web server and blacklists IPs which send too many bad requests (i.e. requests which cause replies with a status code in the range from 400 to 499.)
When a visitor connects to the Web server, its IP is first checked against the blacklist: if it is there, the connection is aborted.
Now with the advent of HTTP/2 and long-lasting multiplexed connections, the above test is also done for each new request, even though it is made over a connection whose IP was initially allowed.
This extension of the anti-hacking behavior is required for mitigating situations where a visitor creates an HTTP/2 connection to the server and starts sending bad requests over it.
Over time, the visitor's IP will be on the blacklist while the connection is still alive and maintained. So testing for the IP at each new request will help drop the connection as soon as the IP is flagged and put in the blacklist.
Aprelium - https://aprelium.com
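
The difference between checking the blacklist only at connection time and checking it again at each request, as an added example that is not Abyss Web Server code. The `AntiHack` class, the threshold of 3 bad requests, the sample IP and the status sequence are constructed for illustration, and requests are replayed sequentially rather than truly multiplexed.

```python
from collections import Counter

class AntiHack:
    """Counts 4xx replies per IP; blacklists at max_bad (hypothetical threshold)."""
    def __init__(self, max_bad=3):
        self.max_bad = max_bad
        self.bad = Counter()
        self.blacklist = set()

    def record(self, ip, status):
        # A "bad request" is any reply with a status code from 400 to 499.
        if 400 <= status <= 499:
            self.bad[ip] += 1
            if self.bad[ip] >= self.max_bad:
                self.blacklist.add(ip)

def serve_connection(guard, ip, statuses, check_each_request):
    """Replay one long-lived connection; return how many requests were answered.

    statuses: the status code each request would produce, in arrival order.
    """
    if ip in guard.blacklist:
        return 0                      # connection-time check: abort immediately
    answered = 0
    for status in statuses:
        if check_each_request and ip in guard.blacklist:
            break                     # IP was flagged mid-connection: drop it
        guard.record(ip, status)
        answered += 1
    return answered

# Constructed traffic: one HTTP/2 connection carrying 8 requests, mostly 404s.
SAMPLE = [404, 404, 200, 404, 404, 404, 200, 404]

def compare(ip="203.0.113.7"):
    """Return (answered with connect-time check only, answered with per-request check)."""
    connect_only = serve_connection(AntiHack(), ip, SAMPLE, check_each_request=False)
    per_request = serve_connection(AntiHack(), ip, SAMPLE, check_each_request=True)
    return connect_only, per_request

if __name__ == "__main__":
    print(compare())
```

With the connection-time check alone, the blacklisted IP keeps being served until it reconnects; the per-request check stops serving it right after the request that crossed the threshold.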