Hi Harald, have you looked into IronBee? It's developed by the same people as mod_security, but is concepted as multi-server.
https://www.ironbee.com/ ----- Original Message ----- > Hi > > is there an option to deny invalid HTTP versions? > _______________________________________ > > telnet proxy 80 > GET / HTTP/2.1 > host: www.test.rh > _______________________________________ > > the test above leads to a 200 result > this is hardly a serious client connection > > the backend server would not allow it by mod_security > is there away to deny it also on trafficserver? > > SecRule REQUEST_PROTOCOL ^http/0.7$ > "id:'128',t:lowercase,block,msg:'HTTP/0.7 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/0.8$ > "id:'129',t:lowercase,block,msg:'HTTP/0.8 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/0.9$ > "id:'130',t:lowercase,block,msg:'HTTP/0.9 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/1.2$ > "id:'131',t:lowercase,block,msg:'HTTP/1.2 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/1.3$ > "id:'132',t:lowercase,block,msg:'HTTP/1.3 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/2.0$ > "id:'133',t:lowercase,block,msg:'HTTP/2.0 Request Detected'" > SecRule REQUEST_PROTOCOL ^http/2.1$ > "id:'134',t:lowercase,block,msg:'HTTP/2.1 Request Detected'" > > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: [email protected] URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
