tfh -
Joined: 03 May 2020 Posts: 123 Location: Netherlands
|
Posted: Thu Aug 03, 2023 8:54 pm Post subject: Rewrite rule to block http/1.1 requests |
|
|
Is there a way to use the rewrite rules to only accept http/2 connections and to forward http/1.1 requests to a defined error page?
Although I'd still like to do some testing with this, I just realize Googlebot is http/1.1 as well. Hmmm
How to block http/1.1 request while still accepting visits from the Googlebot?
_________________
https://www.arnauddeklerk.com
https://www.file-hunter.com |
|
Horizon -
Joined: 18 Feb 2022 Posts: 60
|
Posted: Sun Aug 06, 2023 3:19 pm Post subject: |
|
|
Hello,
That's quite an uncommon thing to do for a webserver unless you want only web browsers to access it.
By blocking HTTP/1.1 and only allowing HTTP/2, you would be blocking all automated APIs from native computer programs.
Native computer programs that rely on their host system's built-in HTTP APIs will fail to connect.
WinHttp on Windows for example simply always does HTTP/1.1, so if you block it then you block all desktop programs other than Firefox/Chrome/Edge from connecting to your website at all.
If you want to do it anyway, then it's with these CGI variables from the CGI documentation page:
Quote: | If the current request is served over a HTTP/2 connection, the following variables are also available:
HTTP2: It is set to on.
H2_STREAM_ID: A number uniquely identifying the stream within the HTTP/2 connection on which the current request is being served.
H2_STREAM_TAG: A tag uniquely identifying current stream within all HTTP/2 connections of the server. The tag is made of two numbers separated by a hyphen character. |
And for the custom error page, there are two variables that are used for backing up the original virtual path & response code & reusing them in your error page:
Quote: | Example 6-1. Using the redirection information in scripts
If a script is invoked after an internal redirection, it can retrieve some interesting information from the environment about its parent request such as:
REDIRECT_SCRIPT_NAME: The virtual path of the parent document.
REDIRECT_STATUS_CODE: The status code of the parent request. It is useful when writing scripts that generate custom error pages. |
So, in your URLRewrite verify that the variable 'HTTP2' is equal to the text 'on'.
If not, then report the error code '505 - HTTP Version Not Supported' to the client.
Then you simply customize the error page for the 505 code in your host's Custom Error Pages section.
And lastly, in your host's 'General :: Advanced Parameters :: HTTP/2 Parameters' remove the '*/nph-*' row from the 'HTTP/1.1 Required' list. |
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1328
|
Posted: Wed Aug 09, 2023 9:02 pm Post subject: Re: Rewrite rule to block http/1.1 requests |
|
|
tfh wrote: | Is there a way to use the rewrite rules to only accept http/2 connections and to forward http/1.1 requests to a defined error page?
Although I'd still like to do some testing with this, I just realize Googlebot is http/1.1 as well. Hmmm
How to block http/1.1 request while still accepting visits from the Googlebot? |
Dangerous reasoning! The HTTP/2 connection could be started as HTTP/1.1 and later upgraded to HTTP/2.
Disabling HTTP/1.1 forces your clients to use HTTP/2 with ALPN only (protocol selection inside the SSL/TLS handshake) and won't account for the other legit mode (HTTP/1.1 then connection UPGRADE to HTTP/2.)
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
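Added example, not part of any post above and not Aprelium's code: a Python CGI script that could serve as the custom 505 page described in the thread, reading the `HTTP2`, `REDIRECT_STATUS_CODE` and `REDIRECT_SCRIPT_NAME` variables quoted from the documentation. It assumes the `Upgrade` request header reaches the script as `HTTP_UPGRADE` (the usual CGI naming) and that the server honours a `Status:` header from an error-page script; the function names are hypothetical.

```python
#!/usr/bin/env python3
# Added example: CGI script for a custom 505 page (not Aprelium's code).
import html
import os
import sys

REASONS = {"505": "HTTP Version Not Supported"}

def is_http2(env):
    # Per the quoted documentation, HTTP2 is set to "on" for HTTP/2 requests.
    return env.get("HTTP2", "") == "on"

def offers_h2c(env):
    # Assumption: the Upgrade request header arrives as HTTP_UPGRADE, the
    # usual CGI naming for request headers (RFC 3875).
    offered = env.get("HTTP_UPGRADE", "").split(",")
    return "h2c" in [token.strip().lower() for token in offered]

def build_response(env):
    # Accept only a 3-digit ASCII code so nothing else reaches a header line.
    status = env.get("REDIRECT_STATUS_CODE", "")
    if not (len(status) == 3 and status.isascii() and status.isdigit()):
        status = "505"
    # The parent path is client-controlled: escape it before echoing it.
    path = html.escape(env.get("REDIRECT_SCRIPT_NAME", "(unknown)"))
    proto = html.escape(env.get("SERVER_PROTOCOL", "unknown"))
    headers = [
        f"Status: {status} {REASONS.get(status, 'Error')}",
        "Content-Type: text/html; charset=utf-8",
        "Cache-Control: no-store",
    ]
    hint = ""
    if not is_http2(env) and offers_h2c(env):
        # Surfaces the case the admin describes: HTTP/1.1 asking to upgrade.
        hint = "<p>Your client offered an upgrade to HTTP/2 (h2c).</p>"
    body = (
        "<!doctype html><title>HTTP version not supported</title>"
        f"<h1>{status}</h1>"
        f"<p>{path} was requested over {proto}; this site needs HTTP/2.</p>"
        f"{hint}"
    )
    return headers, body

def main():
    headers, body = build_response(os.environ)
    sys.stdout.write("\n".join(headers) + "\n\n" + body)

if __name__ == "__main__":
    main()
```

Escaping `REDIRECT_SCRIPT_NAME` matters because the error page echoes a path chosen by the client; without it the page would reflect markup from the URL.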