Login/Register
How to disable HTTP1.1 and only use HTTP/2 in Windows Server 2016 and IIS 10?
Asked Answered
iishttp2http-1.1
U

1

0

Traffic to my site is using HTTP1.1, and I want to force the server to only use HTTP/2.

I'm running Windows Server 2016 and IIS 10. I've tried adding

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
    • EnableHttp2Tls: DWORD = 1
    • EnableHttp2ClearText: DWORD = 1

but it is still serving HTTP1.1.

I'm obviously missing something here, but I'm not exactly sure what. Is what I'm asking for even possible?

Unreeve answered 7/12, 2021 at 18:40 Comment(4)
I don't think HTTP 1.1 is going away yet. There are certain things you won't get in HTTP 2.0 and disabling 1.1 can break quite a few existing web apps. But if you do want to test whether your web apps work in HTTP 2.0 only mode, you can use a URL Rewrite rule to abort all HTTP 1.1 requests.Exorcist
The issue I'm running into is that my server has been flagged for having an HTTP Request Smuggling vulnerability. I read that this is a possible solution to solve the problem by forcing HTTP2Unreeve
I think what @LexLi mentioned is this answer. And you may refer to this document and decide if you will insist on using http2.0.Kenay
@Unreeve did you resolve it? Because I also need this to prevent vulnerability, I've made a question linkSeaworthy
C
0

From ServerFault:

  1. Download and install URL Rewrite.

  2. Add the following to your web.config file, to the <system.webServer> section:

    web.config

    <rewrite>
    <rules>
         <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
             <match url="*" />
             <conditions>
                 <add input="{SERVER_PROTOCOL}" pattern="HTTP/1.0" />
             </conditions>
             <action type="AbortRequest" />
         </rule>
     </rules>
 </rewrite>

This will refuse all HTTP 1.0 requests with a HTTP 504 error code.

After installing URL Rewrite, you can also configure rewrite rules in IIS Manager:

enter image description here

Cain answered 3/5, 2022 at 13:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.