HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

bitninja-ssl-termination 1.1.0, which is practically HAProxy (1.8.9), can handle HTTP/2 connections. BitNinja (v1.20.10) installs it automatically and reconfigures the configs for HTTP/2.

This only affects HTTPS connections. HTTP/2 over TLS (h2) is supported by all modern browsers.

Why HTTP/2? 

HTTP/2 is far more powerful than HTTP/1.1: it can send requests and responses in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is much harder to kill than an HTTP/1.1 Keep-Alive connection. So the former method, in which our system interrupted the connection once we noticed a bad IP and redirected it to our CAPTCHA page, had to be abandoned.

Now, with the help of HAProxy, we choose a different backend when an IP gets greylisted or resolved.

And the good news: some bugs caused by the earlier interruption of HTTP/1.1 Keep-Alive have been fixed during this development. Also, the browser sometimes loaded a page with no content on it because of the interruption of HTTP/1.1 Keep-Alive. Now it's all good.
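A minimal HAProxy sketch of the backend switch described above, added here as an example; it is not BitNinja's generated configuration, and the certificate path, list file, socket path, backend names and ports are assumptions. The routing decision is made per request, so a greylisted client's HTTP/2 connection stays open and only its requests go to the CAPTCHA backend.

```haproxy
# Illustrative sketch only; not BitNinja's generated configuration.
# All paths, names and ports below are assumptions.
global
    maxconn 4096
    # Admin socket so the list can be edited without a reload.
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # Offer HTTP/2 first via ALPN, fall back to HTTP/1.1.
    bind :443 ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1

    # One source address or CIDR per line (constructed sample file).
    acl greylisted src -f /etc/haproxy/greylist.lst

    # Evaluated for every request: no connection has to be killed,
    # the request is just answered by a different backend.
    use_backend captcha if greylisted
    default_backend waf

backend captcha
    # Hypothetical local service that serves the CAPTCHA page.
    server captcha1 127.0.0.1:8081

backend waf
    # Hypothetical local WAF listener in front of the web server.
    server waf1 127.0.0.1:8080
```

With the admin socket enabled, entries can be changed at runtime through HAProxy's Runtime API, for example `add acl /etc/haproxy/greylist.lst 203.0.113.7` and the matching `del acl` once the address is cleared (the address is a documentation placeholder).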


This protocol is a tad more expensive than HTTP/1.1. For a single connection serving static content, HTTP/1.1 with Keep-Alive is recommended, but for a normal website with 10-40 static files, HTTP/2 is the way to go.

Our test environment for the case was:

  • Intel Core i7 7700HQ (8 core)
  • 4GB RAM
  • Basic apache2

With one static (apache2 default) welcome page, throughput on HTTPS was 70000 requests/min. After we enabled HAProxy without WAF, it rose to 86000 requests/min. With WAF enabled, it decreased to 56000 requests/min. (As you know, WAF doesn't scan jpg, js and other similar static files, so this case doesn't cover every scenario.)

How to enjoy HTTP/2 support?

All you have to do is enable SSL and our WAF module and you are ready to go.
