AWS WAFv2 how to use httpRequest.httpVersion in rules

Question

I am wondering if it is possible to check HTTP version and incorporate them into WAF rules.

For example - check httpRequest.httpVersion = 'HTTP/1.1' then add a label, the label would then be used in other rules.

Abheesh · Answer

AWS WAFv2 does not currently offer a direct configuration option for HTTP version. 
However, we can leverage CloudFront to achieve this functionality. 
CloudFront acts as the initial service that receives the request and adds the following headers:

-   CloudFront-Forwarded-Proto – Contains the protocol of the viewer's request (HTTP or HTTPS).
-   CloudFront-Viewer-Http-Version – Contains the HTTP version of the viewer's request.
-   CloudFront-Viewer-TLS – Contains the SSL/TLS version, the cipher, and information about the SSL/TLS handshake that was used for the connection between the viewer and CloudFront. 
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html

AWS WAFv2 how to use httpRequest.httpVersion in rules

Relevant content