Disable HTTP/2 for a specific domain

kristian

kristian

Verified User
Joined
Nov 4, 2005
Messages
461
Location
Norway
Hi,

A customer was wondering why file uploads using HTTP POST was slow (e.g. compared with SFTP which can fill up the link easily). After much investigation, I found out that an upload over HTTP/2 is much slower than over HTTP/1.1 when link speeds are high. This blog post by Cloudflare explains the technical details better than I can: https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/

While clients probably could force their connection to be HTTP/1.1 (e.g. with the --http1.1 option to curl), this is not so easy to enforce when your clients are typical users. Because of this, I'm looking for a safe way to disable HTTP/2 for a certain domain, or possibly only a certain script. Is there a way to do this?
 
Try setting this in the custom HTTPD configuration (Apache):

Code: 
PolicyVersion enforce HTTP/1.1

P.S. Whoops... it looks like it's available from version 2.5.0+ and you are most probably still on 2.4... I will look for another solution later.
 
This should do it - in .htaccess file you can force Apache to remove the upgrade header:

Code: 
Header unset Upgrade

Therefore it will not inform the browser that http2 is preferred.
 
Thanks, I suspected something like that, but it seems this won't force a downgrade if the client already offers h2. It does remove the Upgrade header if I connect with http/1.1 and don't offer http/2 at all though, so it does what it's supposed to do I guess.

Setting Protocols http/1.1 in the custom HTTPD config would probably work, as the server then shouldn't accept the offer of h2 from a client with http/2 support. It would actually be great to only force the downgrade for the file upload endpoint, and not the entire vhost though.
 
Yep, that did the trick. I will let the customer decide if they want to force HTTP/1.1 on their site or not. Thanks for your input!
 
Browsers always connect to http 1.1 first and then upgrade further requests to 2 if offered. So it should be fine.

There is a way to disable HTTP2 but I will definitely NOT recommend it:

Code: 
RewriteCond %{SERVER_PROTOCOL} ^HTTP/2\.0$ [NC]
RewriteRule . [F,L]
 
You must log in or register to reply here.
Back
Top