I ran into this snippet in an Apache config file that someone else wrote, but I'm not sure of the purpose. Could anyone explain what this is for?
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
Asked
Active
Viewed 211 times
1
MrWhite
- 11,643
- 4
- 25
- 40
FluffyBeing
- 113
- 3
-
See https://serverfault.com/questions/885724/how-to-disable-http-1-0-protocol-in-apache – user5994461 Feb 19 '19 at 22:03
1 Answers
0
Those directives reject (403 Forbidden) any request that is not HTTP/1.1. Many bots crawl with a HTTP/1.0 request header - so these will be blocked. All modern browsers will use HTTP/1.1 (at least). However, with HTTP/2.0 already here, these directives are arguably outdated and should not be used.
The THE_REQUEST server variable contains the initial request header of the form:
GET /foo HTTP/1.1
If you want to block HTTP/1.0 only then you could use something like the following instead:
RewriteEngine On
RewriteCond %{THE_REQUEST} HTTP/1\.0$
RewriteRule ^ - [F]
MrWhite
- 11,643
- 4
- 25
- 40