sam452
Joined: 19 Dec 2016 Posts: 23 Location: US, Nashville
|
Posted: Sun 03 Jul '22 22:07 Post subject: http/2 support in 2.4.41 |
|
|
When a vulnerability scan suggested to prefer http/2 I was glad to find this https://www.apachelounge.com/viewtopic.php?t=6804 and followed its instructions.
From what I read 2.4.41 does have this support and I have uncommented the LoadModule http2_module modules/mod_http2.so line.
This is placed after my load of ssl_module in httpd.conf.
Code:
<IfModule http2_module>
ProtocolsHonorOrder On
Protocols h2 http/1.1
</IfModule>
But after a full Apache restart I use curl to my site to verify that http/2 is being used, but I still get http/1.1.
Looking at the Downloads section it doesn't suggest there is a special download of Apache with the nghttp2 support so I would anticipate that my version would have everything it needs. What else should I do to ensure this is loading? thx, sam
|
|
tang_88888
Joined: 10 Jul 2015 Posts: 10
|
Posted: Mon 04 Jul '22 5:11 Post subject: |
|
|
Hi, I used the following syntax several years ago. Besides, you need to check whether your web application firewall can support this protocol. Since my network team replied that the previous firewall did not support HTTP/2 yet, my Apache HTTP server could only use 1.1 at that time.
Code:
Protocols h2 h2c http/1.1
Ref:
https://httpd.apache.org/docs/2.4/howto/http2.html
|
|
sam452
Joined: 19 Dec 2016 Posts: 23 Location: US, Nashville
|
Posted: Mon 04 Jul '22 15:09 Post subject: firewall? |
|
|
Thank you for your reply. It suggests that a firewall external to Apache may be the culprit. But the more I think about it, a firewall is looking at port numbers and whether it's TCP and/or UDP. I've added the h2c to httpd.conf and restarted Apache. However, when I run
Code:
curl -sI http://localhost/ -o/dev/null -w '%{http_version}\n'
It still returns 1.1 and I would think the Windows firewall is not acting on traffic internal to that server?
Since my download from apache lounge has mod_http available I can assume that it was built with the libnghttp2 library?
|
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Mon 04 Jul '22 20:14 Post subject: |
|
|
Your test connection with curl is to a non-secure port, so as tang_88888 says, you need to list the h2c protocol too.
Also, force curl to upgrade to http2 by adding a --http2 option.
This is what I get, adding -v to see more detail (Windows instance of Apache and curl):
Code:
C:\>curl -sIv --http2 http://localhost/ -onul -4 -w %{http_version}\n
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> HEAD / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.83.0
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 101 Switching Protocols
< Upgrade: h2c
< Connection: Upgrade
* Received 101
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=153
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< last-modified: Mon, 11 Jun 2007 18:53:14 GMT
< etag: W/"2e-432a5e4a73a80"
< accept-ranges: bytes
< content-length: 46
< content-type: text/html
< date: Sun, 00 Jan 1900 00:00:00 GMT
< server: Apache/2.4.54 (Win64)
<
* Connection #0 to host localhost left intact
2
|
|
|
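Added example, not part of any post in this thread: a small Python classifier for `curl -v` traces like the one above. It tells apart a completed h2c upgrade, an upgrade the server ignored, and a request that never offered h2c (which is what curl sends to an http:// URL without `--http2`). The function name, result labels and sample traces are constructed for illustration, and the ALPN line pattern is an assumption about curl's verbose output.

```python
import re

H2C = re.compile(r"upgrade:.*\bh2c\b", re.I)
STATUS = re.compile(r"HTTP/(\d(?:\.\d)?)\s+(\d{3})")

def classify_curl_trace(trace: str) -> str:
    """Say how (or whether) HTTP/2 was negotiated in a `curl -v` trace."""
    offered = switched = saw_101 = alpn_h2 = False
    version = None  # protocol version on the final (non-101) status line
    for line in (l.strip() for l in trace.splitlines()):
        if line.startswith("> ") and H2C.match(line[2:]):
            offered = True                      # client asked for the h2c upgrade
        elif line.startswith("< "):
            status = STATUS.match(line[2:])
            if status and status.group(2) == "101":
                saw_101 = True
            elif status:
                version = status.group(1)
            elif saw_101 and version is None and H2C.match(line[2:]):
                switched = True                 # server agreed in its 101 reply
        elif line.startswith("* ") and re.search(r"ALPN.*server accepted.*\bh2\b", line):
            alpn_h2 = True                      # TLS case (assumed line format)
    if version is None:
        return "no-response"
    if version.startswith("2"):
        # "h2-direct": HTTP/2 with neither upgrade nor ALPN seen (prior knowledge)
        return "h2c-upgrade" if switched else "h2-alpn" if alpn_h2 else "h2-direct"
    return "http1-upgrade-declined" if offered else "http1-h2c-not-offered"

# Constructed traces, abridged to the lines the classifier reads.
TRACE_UPGRADED = """\
> HEAD / HTTP/1.1
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
< HTTP/1.1 101 Switching Protocols
< Upgrade: h2c
< HTTP/2 200
"""
TRACE_NOT_OFFERED = """\
> HEAD / HTTP/1.1
< HTTP/1.1 200 OK
"""
TRACE_DECLINED = """\
> HEAD / HTTP/1.1
> Upgrade: h2c
< HTTP/1.1 200 OK
"""

if __name__ == "__main__":
    print(classify_curl_trace(TRACE_NOT_OFFERED))
```

A result of `http1-h2c-not-offered` points at the client command line, while `http1-upgrade-declined` points at the server configuration or something in between.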
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Tue 05 Jul '22 8:37 Post subject: |
|
|
I suggest also adding
H2Upgrade on
H2Direct On
|
|
JorgeCarousel
Joined: 14 Jul 2022 Posts: 15 Location: USA, New york
|
Posted: Wed 10 Aug '22 21:53 Post subject: |
|
|
I'm having the same issue: when using https, it shows as HTTP/2, but when using http it shows as http/1.1. My configuration is this:
Code:
<IfModule http2_module>
ProtocolsHonorOrder On
protocols h2 h2c
H2Upgrade on
H2Direct On
</IfModule>
Any ideas what I have to do so it is HTTP/2 in clear text?
|
|
JorgeCarousel
Joined: 14 Jul 2022 Posts: 15 Location: USA, New york
|
Posted: Thu 11 Aug '22 17:44 Post subject: |
|
|
I don't know if this is true, but this is what they say at Stack Overflow:
And the reason browsers only support HTTP/2 over HTTPS is it's so unreliable over HTTP as middleboxes assume HTTP/1 - which means the only use of h2c is for non-browser communication where you’re basically in control of the end to end connection so can skip the upgrade dance and go straight to h2c (aka the “prior knowledge” method of using HTTP/2). The preface message can always be used to reject and/or fallback to HTTP/1 if a client unexpectedly doesn’t support HTTP/2.
|
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Fri 02 Sep '22 13:55 Post subject: |
|
|
Indeed the major browsers only support http/2 over SSL.
|
|