LinuxQuestions.org


Val_apache 09-03-2014 03:42 AM

Risk for using HTTP/1.0 instead of HTTP/1.1
 
Hello all,

I have a question for Apache masters ..

Due to some HTTP 502 errors, I set some parameters in my httpd.conf like:

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1

What is the risk of using HTTP/1.0 instead of HTTP/1.1?

Is there a security risk?

Regards

unSpawn 09-06-2014 03:42 AM

I'm not an "Apache master" but I'd say, looking at Real Life vulnerabilities, the risk isn't in the protocol version but more likely in what the web stack provides (wrongly configured, improperly exposed, outdated or otherwise vulnerable software I mean). BTW you should be absolutely certain you should combat HTTP 502 errors in this way.

