π Azure App Service does not run the latest HTTP version π’
- Contextual name: π App Service does not run the latest HTTP version π’
- ID:
/ce/ca/azure/app-service/latest-http-version - Located in: π Azure App Service
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITYRELIABILITYPERFORMANCE
Similar Policiesβ
- Cloud Conformity
- Internal
dec-x-345591b3
Similar Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-345591b3 | 1 |
Logicβ
- π§ prod.logic.yaml π’
Descriptionβ
Descriptionβ
Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.
Rationaleβ
Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected.
HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.
Impactβ
Most modern browsers support HTTP 2.0 protocol over TLS only, while non-encrypted traffic continues to use HTTP 1.1. To ensure that client browsers connect to your app with HTTP/2, either buy an App Service Certificate for your app's custom domain or bind a third-party certificate.
... see more
Remediationβ
Remediationβ
From Azure Portalβ
- Login to Azure Portal using https://portal.azure.com.
- Go to
App Services.- Click on each App.
- Under
Settingsection, Click onConfiguration.- Set
HTTP versionto2.0underGeneral settings.NOTE: Most modern browsers support HTTP 2.0 protocol over TLS only, while non-encrypted traffic continues to use HTTP 1.1. To ensure that client browsers connect to your app with HTTP/2, either buy an App Service Certificate for your app's custom domain or bind a third party certificate.
From Azure CLIβ
To set HTTP 2.0 version for an existing app, run the following command:
az webapp config set --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME> --http20-enabled trueFrom PowerShellβ
To enable HTTP 2.0 version support, run the following command:
Set-AzWebApp -ResourceGroupName <app resource group> -Name <app name> -Http20Enabled $true