How to disable HTTP 2.0 for a single website or domain

book

Article ID: 237394

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Web Security ISG Proxy

Issue/Introduction

As a test or to troubleshoot HTTP 2.0 related issues, how to disable HTTP 2.0 and downgrade the connection to HTTP 1.1 for a single website site/domain on SGOS 7.3.x.x

Environment

This is applicable only for SGOS 7.3.x.x or later. HTTP 2.0 is enabled by default on SGOS 7.3.x.x. SGOS 6.7.x.x and earlier versions automatically downgrades to HTTP 1.1

Resolution

Below CPL can be applied in a CPL layer in VPM or in local policy file to disable HTTP 2.0 for a single site /domain. This will downgrade to http 1.1. With below CPL proxy will check TLS Extension - SNI (server name indication) against the CPL "client.connection.ssl_server_name" and will remove HTTP 2.0 support from ALPN (Application-Layer Protocol Negotiation) TLS extension. 

<proxy>
client.connection.ssl_server_name=example.com http2.server.request(no)

<proxy>
client.connection.ssl_server_name=example.com http2.client.accept(no)