Is HTTP/2 the "Final Boss" for open-source firewalls?

sonertari@infosec.exchange

Is HTTP/2 the "Final Boss" for open-source firewalls? ️

For years, we’ve been forced to "downgrade" traffic just to inspect it. As a FOSS developer, I spent months trying to bridge the gap between HTTP/2 and legacy inspection tools in SSLproxy.

The result? A "Concurrency Density Spike" that can overwhelm even the best C-based proxies.

In my latest article, I break down why we need to stop fighting the "Binary Frame" war and start focusing on the ICAP Path. It’s not just a fix for H2—it’s our only real ticket to supporting HTTP/3 (QUIC) and finally unblocking UDP port 443 without losing visibility.

#OpenSource #CyberSecurity #InfoSec #NetworkSecurity #HTTP2 #HTTP3 #SSLproxy #Suricata #Firewall #ICAP #SystemArchitecture

https://www.linkedin.com/pulse/i-tried-add-http2-sslproxy-here-why-stopped-we-need-icap-soner-tari-7x7mf