Should I block an HTTP 1.0 request?

Question

Should I block an HTTP 1.0 request?

I am using $ _SERVER ['HTTP_HOST'] for the absolute URLs on my website. But often I find nginx HTTP / 1.0 request error logs with undefined HTTP_HOST.

Is it advisable to block these requests? What is the best way to block them?

+4

security php nginx

Medical physicist Apr 12 '14 at 12:03

source share

1 answer

Markus malkusch · Accepted Answer · 2014-04-12T12:33:09+0000

Is it advisable to block these requests?

If your application cannot serve anything meaningful without a host, then this IMO is advisable. In addition, I could not find anything in HTTP 1.1, which states that applications must be backward compatible.

What is the best way to block them?

Answer them 505 HTTP Version Not Supported.

Should I block an HTTP 1.0 request?

More articles: