6

HTTP 1.0 has security weakness related to session hijacking. Is there a way to disable it by using the mod_rewrite module?

syam
  • 198
  • 1
    What weakness are you talking about? The premise seems flawed, and it makes very little sense to forbid "HTTP/1.0" requests. – Ángel Nov 29 '17 at 02:22

2 Answers2

5

You may try this mod_rewrite, this worked for me. Here the server would try to respond with a 403-Forbidden response code.

RewriteCond %{THE_REQUEST} HTTP/1\.0$
RewriteCond %{REQUEST_URI} !^/path-to-your-custom-403-error-page\.html$
RewriteRule .? - [F]
zyan Billings
  • 63
4
  1. Ensure to load mod_rewrite module in httpd.conf file

  2. Enable RewriteEngine directive as following and add Rewrite condition to allow only HTTP 1.1

    RewriteEngine On

RewriteCond %{THE_REQUEST} !HTTP/1.1$

RewriteRule .* - [F]
Kemia rabada
  • 72