Block all http 1.0 requests. on apache server please help

Forum Moderators: phranque

Message Too Old, No Replies

Block all http 1.0 requests. on apache server please help

born2run

2:00 am on Jul 18, 2017 (gmt 0)

I placed the following to block http1.0 requests:

RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
RewriteRule ^.* - [F]

Would this block http 1.0 requests? Coz bots use this protocol it seems.

or this is better? To allow only http 1.1 :

RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]

keyplyr

2:27 am on Jul 18, 2017 (gmt 0)

This will depend on how your server logs requests (many CDNs will alter this so it may not be possible.)

This is what I use:

RewriteCond %{THE_REQUEST} HTTP/1\.0$
!^*\.*[**]\.
!^*\.**\.
!^**\.**\.
!^***\.**\.
RewriteRule !^(favicon\.ico|forbidden\.html|robots\.txt)$ - [F]

* = IP ranges allowed to use HTTP/1.0

lucy24

2:43 am on Jul 18, 2017 (gmt 0)

Isn't that what REQUEST_PROTOCOL is for?

:: wandering off in search of the difference among REQUEST_PROTOCOL, SERVER_PROTOCOL and HTTP_VERSION ::

A tiny number of law-abiding robots still use HTTP/1.0. Make sure you've poked holes for any that you personally are willing to see.