Hypertext Transfer Protocol Version 2 (HTTP/2.0) is an upgraded version of protocol HTTP/1.1. HTTP/2 enables a more efficient use of network resources and reduced latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. Overall, the goal for designing HTTP/2 was to improve the page load time and user experience. For more information on HTTP/2.0, refer to RFC 7540.
The Barracuda Web Application Firewall now supports protocol HTTP/2.0 between the client and the server. When HTTP/2 is enabled for a service, the Barracuda Web Application Firewall and the client use HTTP/2 to communicate with each other.
How does the Barracuda Web Application work when HTTP/2 is enabled for a service:
- The client sends an HTTP/2 request.
- The Barracuda Web Application Firewall understands the HTTP/2 protocol and parses HTTP/2 frames as they arrive.
- The Barracuda Web Application Firewall coverts the HTTP/2 request to a HTTP/1.1 request.
- The HTTP/1.1 request is passed through the Barracuda Web Application Firewall security modules for inspection and sanitization.
- After performing security validations, the HTTP/1.1 request is sent to the back-end server. The server responds to the response.
- The Barracuda Web Application Firewall converts the response to the HTTP/2 format frames and forwards it to the client.
Multiple HTTP/2 streams can be active at any point of time and the Barracuda Web Application Firewall allows clients to establish multiple HTTP/2 streams. When these streams are received, they are separated out into individual HTTP/1 requests and sent to the backend server using connection pooling. Since the Barracuda Web Application Firewall recognizes that the client is HTTP/2 capable, it does not block if any of the backend HTTP/1 requests is not complete. Rather, it gathers the responses from the completed HTTP/1 requests and streams them out to the client after converting them to HTTP/2 streams.
Each of the HTTP/2 stream corresponding to a HTTP request can also be load balanced by the Barracuda Web Application Firewall, and sent to the back-end servers in parallel, assuming persistence settings allow such distribution.
Enabling HTTP/2 for a Service
It is recommended that you enable HTTP/2 for a service if there are clients that are ready to communicate via HTTP/2 protocol, and need improved user experience and page load performance.
Perform the following steps to enable HTTP/2 for a service:
- Go to the ADVANCED > System Configuration page.
- In the Advanced Settings section, set Show Advanced Settings to Yes.
- Go to the BASIC > Services page.
- In the Services section, identify the service to which you want to enable HTTP/2.
- Click Edit next to it. The Service window appears.
- In the Service window:
- Scroll down to the Advanced Configuration section.
- Set Enable HTTP2 to Yes.
- Specify values for other parameters (if required).
- Click Save.