Is HTTP/2 the "Final Boss" for open-source firewalls?

sonertari@infosec.exchange

Is HTTP/2 the "Final Boss" for open-source firewalls? ️

For years, we’ve been forced to "downgrade" traffic just to inspect it. As a FOSS developer, I spent months trying to bridge the gap between HTTP/2 and legacy inspection tools in SSLproxy.

The result? A "Concurrency Density Spike" that can overwhelm even the best C-based proxies.

In my latest article, I break down why we need to stop fighting the "Binary Frame" war and start focusing on the ICAP Path. It’s not just a fix for H2—it’s our only real ticket to supporting HTTP/3 (QUIC) and finally unblocking UDP port 443 without losing visibility.

#OpenSource #CyberSecurity #InfoSec #NetworkSecurity #HTTP2 #HTTP3 #SSLproxy #Suricata #Firewall #ICAP #SystemArchitecture

I Tried to Add HTTP/2 to SSLproxy. Here is Why I Stopped. (We Need ICAP.)

Discover why Divert Mode creates a "density spike" in SSLproxy and why the ICAP path is the future for H2/H3 support in open-source firewalls like Suricata.

(www.linkedin.com)