apachevirtualhosthttpd.confhttp2web-application-firewall

Apache logs shows us we are using HTTP1.1 instead of HTTP2 protocol even HTTP/2 is enabled (through WAF)


Do you know why our apache logs shows us we are using HTTP1.1 instead of HTTP2 protocol even HTTP/2 is enabled in our server?

I make sure that mod_http2 module was already installed and loaded:

$sudo httpd -M | grep http2_module

http2_module (shared)

Also, I make sure virtualhost is configured to use HTTP2:

<VirtualHost *:443>

...

Protocols h2 h2c http/1.1

...

</VirtualHost>

The apache logs always shows us we are using HTTP1.1 instead of HTTP2 protocol:

XXX.WWW.YYY.ZZZ (XXX.WWW.YYY.ZZZ) - [25/Oct/2023:11:55:06 +0200] "GET /test_http2.php HTTP/1.1" 200 33

If we skip the WAF and we access directly to our server, we can see that HTTP2 is working: XXX.WWW.YYY.ZZZ (-) - [25/Oct/2023:11:53:07 +0200] "GET /test_http2.php HTTP/2.0" 200 33

It could be related with our WAF (in our case, Sucuri) or with our server configuration?


Solution

  • I'd like to answer my own question. The reason we're seeing requests using HTTP/1.1 at the hosting server is due to our WAF. Our WAF is built on Nginx, which doesn't support HTTP/2 for proxy connections to upstream servers : https://www.nginx.com/blog/http2-module-nginx/#QandA