Skip to main content
With Traffic Policy, you can prevent obsolete and potentially vulnerable browsers, SDKs, or CLI tools like curl from attempting to access your API. This rule:
  1. Uses the conn.tls.version connection variable to check the incoming request’s TLS version.
  2. Rejects versions below 1.3 with a 401 Unauthorized response.
on_http_request:
- name: Reject requests using old TLS versions
  expressions:
  - conn.tls.version < '1.3'
  actions:
  - type: custom-response
    config:
      status_code: 401
      body: 'Unauthorized: TLS version too old'
See the custom-response Traffic Policy action docs for more information.