Hi Tim, On Tue, 17 Nov 2020 at 13:35, Tim Düsterhus, WoltLab GmbH <duester...@woltlab.com> wrote: > > Hi > > Am 09.11.20 um 12:36 schrieb Tim Düsterhus, WoltLab GmbH: > > is it possible to reliably disable client keep-alive on demand based on > > the result of an ACL? > > > > I was successful for HTTP/1 requests by using: > > > > http-after-response set-header connection close if foo > > > > But apparently that has no effect for HTTP/2 requests. I was unable to > > find anything within the documentation with regard to this either.
I don't think there is a way. In HTTP/2 you'd need to send a GOAWAY message to close the connection. There are no instructions in the HTTP headers regarding the connection. I *think/hope* we are actually sending GOAWAY messages when: - some timeouts are reached - hard-stop-after triggers - a "shutdown session ..." is triggered You could check if sending a "421 Misdirected Request" error to the client could achieve your goal, but it certainly behaves differently than a close in H1 (you can't get a successful answer to the client). It's also a workaround. Triggering GOAWAY/full H2 connection teardown dynamically would need to be implemented. I think in HTX all connection headers are immediately dropped (they are not "translated" and applied to the connection). cheers, lukas [1] https://tools.ietf.org/html/rfc7540#section-9.1.2