How to disable HTTP/1.1? And disable downgrading to HTTP/1.1 on Tomcat?

About

Asked 27/9, 2022 at 8:8 Answered 27/9, 2022 at 8:8

java http tomcat http2

I need to leave possibility to execute requests only with HTTP/2 protocol.

System: Apache Tomcat 8, configured to use the HTTP/2 protocol.

I execute this request with --http2 and get result:
Next I execute this request with --http1.1 and get result

This picture means that I still can use HTTP/1.1, but I want to disable it.

How to prevent executing HTTP/1.1 request on Tomcat?

Topi answered 27/9, 2022 at 8:8 Comment(4)

Why do you need to do that? – Undone 2/10, 2022 at 17:48

I need this for preventing "HTTP Request smuggling" vulnerability, which is present in HTTP/1.1 protocol and earlier versions. In HTTP/2 protocol this vulnerability is solved. – Ejaculatory 3/10, 2022 at 7:13

In the future, please do not upload images of code/data/errors when asking a question.. The output of curl for example can easily be posted as text, which is much more accessible. – Arneson 3/10, 2022 at 7:42

This Serverfault question has some limited information on the topic. – Arneson 3/10, 2022 at 7:43

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags