Help me understand

Hello, help me understand, I’m creating rules for blocking Cloudflare access to sites over HTTP 1.0, 1.1, 1.2. If you look at the server logs, there are no such requests, all HTTP requests are 2 and 3. But for some reason HTTP 1.1 requests are blocked. I don’t understand where they come from if they are not in the server logs)

I’m not sure I understand. If you’re blocking them, why would you expect to see them in the server log?

2 Likes

No, look, before any locks, I don’t see them in the log. I block 1.0-1.2 and immediately start having problems accessing the site , as well as in the admin panel itself. I turn off the lock everything comes back to normal. There is no difference which server, for example Nginx+Apache, or just Ngix+PHP.

https://handmadeflowers.angellive.ru

These are my requests to my server, but if you look at the server logs there is not a single request (and never when, month, year) HTTP 1.0-1.2, only HTTP 2 -3

The requests in your screenshots are bots, not browsers, so maybe Cloudflare was blocking them anyway, even without your rule?

This is the server log, it is in order to clearly show that there are no requests and never was over HTTP 1.0-1.2, and therefore they can be blocked on the Cloudflare side, but after blocking, as I have already shown, problems begin

In analyzing the situation, I came to this:
the REST API accesses the. ru domain handmadeflowers. angellive(I do not know why it needs it), and receives a 403 code in response. Also, loopback requests - the site accesses itself via an external network, and not inside the server. These requests are easy to find, all of them will be from the server’s IP address

The logs will also contain information about the reason why the 403 code is given.

It remains to understand how and why it does this, as well as why Cloudflare proxies it

A few misconceptions here.

There is no protocol called HTTP 1.2. There is HTTP/1.0, HTTP/1.1, HTTP/2 and HTTP/3. (There was also HTTP/0.9, but you are unlikely to see it with real users). There is a TLS 1.2, which might be where the confusion comes from.

The connection from a user to the Cloudflare edge is not the same as the connection from Cloudflare to your Origin. They can and will use different protocols. Whatever you are seeing in your log files has no relation to the Cloudflare WAF rule. HTTP/2.0 to the Origin is enabled by default on non-Enterprise plans.

that is not the domain from the screenshots you shared for the Cloudflare WAF.

2 Likes


В в общем “тайна покрытая мраком”), но остается один вопрос почему запросов по HTTP 1.1 в логе нет, а при блокировке в Clouflare блокируются все запросы по HTTP 1.1. Но ответа так и не найдено)

And here, in general, the question is different, Wordpress accesses itself via an external network, for example, API or CRon, respectively, as I understand it, if it accesses via HTTP 1.1, then the rule in Cloudlare for blocking the outdated HTTP 1.1 protocol will not work. Also, some bots, such as those requesting RSS, will also be blocked. In general, the topic is both clear and not very clear). You can close it

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.