Skip to main content
With Traffic Policy, you can prevent obsolete and potentially vulnerable browsers, SDKs, or CLI tools like curl from attempting to access your API. This rule:
  1. Uses the conn.tls.version connection variable to check the incoming request’s TLS version.
  2. Rejects versions below 1.3 with a 401 Unauthorized response.
on_http_request:
- name: Reject requests using old TLS versions
  expressions:
  - conn.tls.version < '1.3'
  actions:
  - type: custom-response
    config:
      status_code: 401
      body: 'Unauthorized: TLS version too old'
{
  "on_http_request": [
    {
      "name": "Reject requests using old TLS versions",
      "expressions": [
        "conn.tls.version < '1.3'"
      ],
      "actions": [
        {
          "type": "custom-response",
          "config": {
            "status_code": 401,
            "body": "Unauthorized: TLS version too old"
          }
        }
      ]
    }
  ]
}
See the custom-response Traffic Policy action docs for more information.