HTTP/2 has become the default protocol for most production web environments, but managing it at scale still exposes operational gaps that many load balancers struggle to address: inflexible routing, unreliable health checks, inconsistent URL rewriting, and TLS negotiation issues with multi-hosted backends.

We’ve just released SKUDONET Enterprise Edition 10.2.1 to address several of these challenges directly.

This update focuses on three key areas that matter in production: more granular control over HTTP/2 traffic routing, improved reliability across clustered and migrated infrastructures, and a fix for a newly disclosed security vulnerability.

Here’s what’s new and why it’s worth upgrading.

What’s New in SKUDONET Enterprise Edition 10.2.1?

Advanced Layer 7 Routing for HTTP/2 Farms

In complex application delivery architectures, not all HTTP/2 traffic should follow the same path. Different backend services—such as APIs, static assets, and authentication endpoints—often require different routing logic. Until now, achieving this level of granularity in HTTP/2 environments required workarounds.

We’ve added NFMark-based routing policies for HTTP/2 farms. NFMark (network mark) is a Linux kernel mechanism that allows network packets to be tagged and routed according to those tags. This capability is now available directly within the HTTP/2 farm configuration, eliminating the need for external routing layers.

This is especially valuable for organizations running microservices or multi-tenant architectures, where traffic segmentation is a requirement rather than an option.

What does this enable?

  • Route HTTP/2 traffic to specific backend pools based on request origin or type.
  • Separate traffic flows for services with different SLA requirements.
  • Reduce operational complexity in multi-backend HTTP/2 deployments.

Automatic Path Rewrite Handling for Redirects

When an application generates a redirect, it typically includes a Location header pointing to the next URL. In environments where Path Rewrite is enabled, these backend-generated headers may point to internal paths that are inaccessible to end users, resulting in broken redirects.

This no longer requires manual handling. With Path Rewrite enabled on a farm, SKUDONET automatically rewrites Location headers in redirect responses so they point to the correct public URL.

For teams managing applications with complex URL structures or legacy redirect logic, this removes a common source of silent failures.
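The general mechanism described above, as an added illustration in Python; this is not SKUDONET code or configuration. The prefixes, origin and backend address are constructed sample values, and the rule of leaving redirects to foreign hosts untouched is an assumption about sensible behaviour, not a documented product detail.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample mapping (assumption): the public path /shop is served
# by a backend that only knows the internal path /internal/store.
PUBLIC_ORIGIN = "https://www.example.test"
PUBLIC_PREFIX = "/shop"
BACKEND_PREFIX = "/internal/store"
BACKEND_HOSTS = {"10.0.0.5:8080"}


def rewrite_location(location):
    """Map a backend-generated Location value back into the public URL space."""
    parts = urlsplit(location)
    # Redirects to a host that is not one of our backends (an identity
    # provider, for example) are passed through unchanged.
    if parts.netloc and parts.netloc not in BACKEND_HOSTS:
        return location
    prefix = BACKEND_PREFIX.rstrip("/")
    path = parts.path
    # Match on a path-segment boundary so /internal/storefront is not
    # mistaken for /internal/store.
    if path == prefix or path.startswith(prefix + "/"):
        path = PUBLIC_PREFIX.rstrip("/") + path[len(prefix):]
    elif not parts.netloc:
        return location  # relative redirect outside the rewritten prefix
    public = urlsplit(PUBLIC_ORIGIN)
    # Always answer with the public scheme and host so the internal
    # backend address never reaches the client.
    return urlunsplit((public.scheme, public.netloc, path or "/",
                       parts.query, parts.fragment))


if __name__ == "__main__":
    for sample in ("/internal/store/cart?id=7",
                   "http://10.0.0.5:8080/internal/store/cart",
                   "https://idp.example.test/login",
                   "/internal/storefront/x"):
        print(sample, "->", rewrite_location(sample))
```
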

Improved Cluster Management Interface

A high-availability cluster is only valuable if it’s easy to monitor and manage on a daily basis.

We’ve improved the System Cluster interface so that node status, cluster health, and administrative tasks are now easier to access from a single view.

These improvements are designed to reduce operational friction, with fewer clicks to find relevant information, clearer status indicators, and a more intuitive layout for teams managing multi-node deployments.

Reliability Improvements

Farmguardian Now Fully Supports HTTP/2

Farmguardian is SKUDONET’s built-in health-check engine. It continuously monitors backend server availability and automatically removes failed nodes from the active pool—a critical mechanism for maintaining production uptime.

Until now, Farmguardian’s health-check scripts had limited compatibility with HTTP/2 load balancers.

That integration is now complete. Farmguardian fully supports HTTP/2 farms, ensuring reliable backend monitoring and automatic failover regardless of the protocol in use.

Easier HTTP/2 Farm Migrations

Migrating existing HTTP/2 farms previously required administrators to manually configure routing marks for backends that didn’t already have them.

SKUDONET now automatically detects missing routing marks during migration and configures them without administrator intervention.

This reduces migration risk and helps prevent errors in environments where manual configuration steps can easily be overlooked.

More Reliable Path Rewrite

We’ve fixed an edge case in the Path Rewrite engine that could occasionally introduce unexpected characters into rewritten URLs, resulting in malformed paths that were difficult to diagnose.

URL rewriting is now consistent and predictable across all configurations.

WAF Logs Now Include Request Duration

When the Web Application Firewall (WAF) blocks a request, the log now correctly records the request duration.

Previously, this information was missing from blocked-request log entries, making it more difficult to correlate WAF events with performance data during troubleshooting or security audits.

With accurate request duration logging, security teams can now determine whether blocked requests were also contributing to latency spikes, providing valuable insight when analyzing coordinated attacks or reviewing compliance logs.

SNI Fix for HTTPS Backends (HTTP2TLS Farms)

In environments using virtual-hosted HTTPS backends, where multiple services share the same IP address but are differentiated by hostname, proper Server Name Indication (SNI) handling during the TLS handshake is essential. Without it, backend servers may reject the connection or present the wrong certificate.

We’ve fixed an issue affecting HTTP2TLS farms where the correct SNI value was not always forwarded during the TLS handshake.

This improves compatibility with HTTPS backends and prevents connection failures in environments with multiple virtual hosts behind the load balancer.

Security Update: CVE-2026-44431

This release also includes a fix for CVE-2026-44431, a vulnerability disclosed recently.

We strongly recommend that all Enterprise Edition customers upgrade as soon as possible to keep their platforms protected.

Maintaining an up-to-date patch level remains one of the most effective defenses against known vulnerabilities.

Should I Upgrade?

This release is particularly relevant if:

  • You manage HTTP/2 farms and need more granular traffic routing.
  • You use Path Rewrite and have experienced redirect or URL issues.
  • You manage clustered SKUDONET deployments and want better operational visibility.
  • You rely on Farmguardian to monitor backends in HTTP/2 environments.
  • You’re running any version earlier than 10.2.1 (the security patch applies to all Enterprise customers).

If you have an active Enterprise subscription, we recommend planning your upgrade as soon as possible, especially because of the included security fix.

FAQ

What is NFMark-based routing in HTTP/2?

NFMark (network mark) is a Linux kernel feature that assigns tags to network packets. SKUDONET uses these marks in HTTP/2 farms to apply intelligent routing policies, directing traffic to different backends based on predefined rules without requiring additional routing infrastructure.

What does Farmguardian do in SKUDONET?

Farmguardian is SKUDONET’s built-in health-check engine. It continuously monitors backend server availability and automatically removes unhealthy nodes from the active pool, ensuring traffic is sent only to operational servers.

Why is SNI important for HTTPS backends?

SNI (Server Name Indication) is a TLS extension that tells the server which hostname the client is trying to reach during the TLS handshake.

In environments where multiple HTTPS services share the same backend IP address, a missing or incorrect SNI may cause the server to present the wrong certificate or reject the connection altogether.

How do I upgrade to the latest version of SKUDONET Enterprise Edition?

If you have an active Enterprise subscription, you can upgrade through the standard update process.

If you need assistance or have questions about your specific deployment, please contact the SKUDONET support team.

The latest version of SKUDONET Enterprise Edition strengthens HTTP/2 routing, improves cluster reliability, and enhances platform security.

It is now available to all Enterprise customers with an active subscription.