Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  How to block HTTP/1.0 requests

    Posted 11-10-2021 03:20
    Hi anybody.
    How can I block HTTP/1.0 requests in a WAF on premise? It's possible ?
    Actually what I want to block are all requests whose host-header is empty, and those are HTTP/1.0 requests.

    Regards
    Elfego
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Elfego
    ------------------------------


  • 2.  RE: How to block HTTP/1.0 requests

    Posted 11-23-2021 11:07
    Hi Elfego,

    Thanks for posting.

    I checked in with our support team and they informed me that it is not possible.

    Sorry that I don't have a better answer for you this time.

    Thanks,

    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------

    Original Message


  • 3.  RE: How to block HTTP/1.0 requests
    Best Answer

    Posted 12-15-2022 11:21
    With some testing on my side and the help of support to confirm I created a Condition to capture HTTP/1.0 traffic.

    (request.version == "HTTP/1.0")

    Hope this helps

    ------------------------------
    Mark Zigadlo
    Head of Security
    GETTR USA Inc
    New York NY
    ------------------------------

    Original Message


  • 4.  RE: How to block HTTP/1.0 requests

    Posted 12-20-2022 15:05
    it is posible with imperva on-prem waf (Enterprise Edition 14.6.0.30). I blocked HTTP/1.0 requests in a WAF on premise.
    You can use "Activate HTTP/2 capabilities" for this case.
    Find where the setting is at the top on the Site/Server Group/Service/Reverse Proxy page.


    ------------------------------
    Ulku Erdem Kaya
    Senior Security Technologies Specialist
    Barikat Sistem Bilisim Teknolojileri Tic. A.S.
    Ankara
    ------------------------------

    Original Message