Older HTTP versions

While testing a rule to block older HTTP versions (currently set to skip, just to check what it will match):
not http.request.version in {"HTTP/2" "HTTP/3"}
Sometimes it was matching HTTP/3 and HTTP/2.
For example:
IP address ***
ASN AS57269
Country Spain
User agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
HTTP Version HTTP/3
Method GET
Host example.com
Path /admin/index.php
Query string ?controller=AdminLogin&token=778374fc&redirect=AdminDashboard

Another question: does the managed CF ruleset or OWASP block HTTP/1.0?

I would recommend blocking HTTP versions that you don’t want rather than allowing only the ones you want.

The default ones do not block and I am not sure if there is a rule that does.

Would you have an idea why it matched HTTP/3?
I just tried blocking HTTP/1.0 and SPDY/3.1, but again it matched 1 hit with HTTP/3.

Would you share the output of the WAF event that blocked HTTP/3?