Selectively Disabling HTTP/1.0 and HTTP/1.1
Summary
The article documents selectively disabling HTTP/1.x traffic on a site to reduce bad actors while moving clients to HTTP/2/HTTP/3. It presents two nginx based approaches (include only known good agents vs exclude questionable agents), includes practical config patterns and testing outcomes showing a dramatic drop in 400/attack traffic, and discusses trade offs and best practices.