HTTP 1.0 has security weakness related to session hijacking. I want to disable it on my web server.
You can check against the SERVER_PROTOCOL
variable in a mod-rewrite clause. Be sure to put this rule as the first one.
RewriteEngine On
RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
RewriteCond %{REQUEST_URI} !^/path/to/403/document.html$
RewriteRule ^ - [F]
The additional negative check for !^/path/to/403/document.html$
is so that the forbidden page can be shown to the users. It would otherwise lead to a recursion.