dstiles - 8:44 pm on Mar 15, 2013 (gmt 0)
As far as I am aware the only "browsers" that run HTTP/1.0 are things like Lynx, which are not GUI browsers and hence very seldom used except for site inspection and scraping. Are you certain these are humans? Or could they be robots dressed as humans - ie androids. :)
If you track back on the IP for those browsers do they show open ports or are they completely closed? Are there any header anomalies? Are the browsers up-to-date or pre-19th century?
I'm not saying you are wrong, just that I haven't seen such things so question their existence. I'm quite prepared to be proven wrong. :)
A quick detaour to find the differences between 1.0 and 1.1...
From a 1996 Apache description on apacheweek.com:
"HTTP/1.1 contains a lot of new facilities, the main ones are: hostname identification, content negotiation, persistent connections, chunked transfers, byte ranges and support for proxies and caches."
In the period since posting the above analysis I notice some variations.
My note that all accesses were to pages with querystrings must be modified: some hits are now occurring to non-querystring URLs - not many but a few, pages such as publicity.asp, join.asp and index.asp (I could accept the first two as hack-points but the home page is a bit strange).
I'm seeing a few querystring instances of the form i=-1%27 where i may be other letters or even "words". As far as I know I do not have any querystring arguments -1%27 so am a bit of a loss on that one (%27 is a single-quote) (all querystrings are ASCII characters only). Sometimes that is the whole qs and sometimes it appears in the middle of other parameters. This is true of some of the early ones reported above and of the latter ones since then.
It is possible that I'm seeing querystring accesses only because there are querystrings, although many pages of each site do not use them.