- Newest
- Most votes
- Most comments
AWS WAFv2 does not currently offer a direct configuration option for HTTP version. However, we can leverage CloudFront to achieve this functionality. CloudFront acts as the initial service that receives the request and adds the following headers:
- CloudFront-Forwarded-Proto – Contains the protocol of the viewer's request (HTTP or HTTPS).
- CloudFront-Viewer-Http-Version – Contains the HTTP version of the viewer's request.
- CloudFront-Viewer-TLS – Contains the SSL/TLS version, the cipher, and information about the SSL/TLS handshake that was used for the connection between the viewer and CloudFront. Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html
Hello Hieuvu,
Yes! it's possible to create a rule with the matching condition to match {Key:Vlaue} "httpVersion":"HTTP/1.1". To create a rule, please check Single header. https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-single-header
To label, use the action count and add the custom label to the request post that we are good to use the label match condition next.
To label: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-add.html Label match condition example: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-match-examples.html
Relevant content
- asked 2 years ago
- asked 4 years ago
- asked 9 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago
Hi Chethan,
I do not believe httpVersion is apart of the request header and therefore can not using the suggested match to a single header.