WHY DOESN'T BLOCKING HTTP 1.0 to 1.2 WORK?

I tried to create rules to block HTTP versions 1.0 to 1.2, but they don’t work. Why?

May I ask what the reason for this is?
The HTTP protocol will be negotiated by the client and server, and the highest HTTP protocol that matches will be used. So if someone calls your pages with HTTP 1.0, the reason behind this is backwards compatibility, and probably also because this visitor uses an older browser which does not support HTTP 2 or HTTP 3.

My client visits mostly use HTTP 2 and 3. I am looking to block HTTP 1.0 to 1.2 because it is mostly DoS attack bypass scripts and old browser versions that use them. Any idea how to block it? Thank you…

I’ve not tried this rule before, but I just tried a few different variations and it blocks as intended.

Can you post a screenshot of your rule?

May I suggest the below tutorial (expression) for a Firewall Rule to achieve the wanted “block HTTP/1.0”:

Furthermore, in my opinion I would rather not block HTTP/1.1, for a variety of reasons.

You could try to block by part of the user-agent string, or by the ASN, if so.

Nevertheless, country blocking is still an option there and you could combine multiple things to achieve what you want in a single Firewall Rule.

2 Likes

What is HTTP 1.2?

Are you mixing up TLS and HTTP?

1 Like

The firewall rules don’t work; still being attacked with HTTP version 1.1. :man_shrugging:

Doesn’t work. I tried to block by user-agent, but they are smart and bypass it with random query strings, user agents and 400k proxies. What I am looking for is to simply block HTTP 1.0 to 1.2, and why don’t the CF rules work?

You are using the boolean AND. As no single request can have HTTP version 1.0 AND 1.1 AND 1.2 at the same time, that rule will never match any requests.

3 Likes

Do you know how to block by HTTP version? Could you give me an example expression? I need it; it would be great.

If you just want to block old versions of HTTP then this will do the trick:

(http.request.version in {"HTTP/1.0" "HTTP/1.1" "HTTP/1.2"})

I’m not sure what you are trying to do with the query parameters, so cannot give you a full example.

If you want to block any request that matches one of a number of different expressions you need to use OR. If you use AND then it has to match each and every one of the expressions, or the overall firewall rule will not match.

I suspect that you have misunderstood the meaning of http.request.uri.query also, as it explicitly does not include ?. You should consult the documentation.

4 Likes
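Added example, not part of the thread: a small Python model of the two rule shapes discussed above, showing why the AND form matches nothing while the `in {...}` form matches every listed version. The sample requests, the helper names and the AND rule's exact wording are constructed for illustration; the original rule was only shown as a screenshot.

```python
# Added illustration: models the two rule shapes discussed in the thread.
# Helper names are hypothetical; the sample requests are constructed.
from collections import Counter
from urllib.parse import urlsplit

OLD_VERSIONS = {"HTTP/1.0", "HTTP/1.1", "HTTP/1.2"}

def make_request(version, url):
    """Build the two rule fields mentioned in the thread from a version and URL."""
    parts = urlsplit(url)
    return {
        "http.request.version": version,
        # As the reply notes for http.request.uri.query, no "?" is included.
        "http.request.uri.query": parts.query,
    }

def and_rule(req):
    """Broken shape: version eq 1.0 AND version eq 1.1 AND version eq 1.2."""
    v = req["http.request.version"]
    return v == "HTTP/1.0" and v == "HTTP/1.1" and v == "HTTP/1.2"

def in_rule(req):
    """Working shape: version in {...}, the same as OR-ing the comparisons."""
    return req["http.request.version"] in OLD_VERSIONS

def blocked_by(rule, requests):
    """Count the requests a rule matches, grouped by HTTP version."""
    return Counter(r["http.request.version"] for r in requests if rule(r))

SAMPLE = [  # constructed traffic
    make_request("HTTP/1.0", "https://example.com/?a=1"),
    make_request("HTTP/1.1", "https://example.com/?rnd=83hf"),
    make_request("HTTP/1.1", "http://example.com/"),
    make_request("HTTP/2", "https://example.com/page?x=y"),
    make_request("HTTP/3", "https://example.com/"),
]

if __name__ == "__main__":
    print("AND rule:", dict(blocked_by(and_rule, SAMPLE)))
    print("in  rule:", dict(blocked_by(in_rule, SAMPLE)))
    print("queries :", [r["http.request.uri.query"] for r in SAMPLE])
```

The set rule matches every HTTP/1.x request in the sample, including ones that are not attack traffic, which is the trade-off raised earlier about blocking HTTP/1.1.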

It’s working, thank you very much :bowing_man: :heart:

But there is a little problem: domain.sh is blocked while https://domain.sh works, because HTTP version 1.1 is blocked. Does anyone know how to redirect or forward domain.com to https://domain.com?