
πŸ›‘οΈ Azure Application Gateway HTTP2 protocol is not enabled🟒

  • Contextual name: πŸ›‘οΈ Application Gateway HTTP2 protocol is not enabled🟒
  • ID: /ce/ca/azure/application-gateway/gateway-http2-protocol
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Logic

Description

This policy identifies Azure Application Gateways that do not utilize HTTP/2. Consider enabling HTTP/2 for improved performance, efficiency, and security. HTTP/2 protocol support is available to clients that connect to application gateway listeners only. Communication with backend server pools is always HTTP/1.1.

Rationale

Enabling HTTP/2 supports use of modern encrypted connections.

Impact

Clients and backend services that do not support HTTP/2 will fall back to HTTP/1.1.

Audit

This policy flags an Azure Application Gateway as INCOMPLIANT if HTTP/2 traffic is not Enabled.

Default Value

HTTP2 is enabled by default.

References

  1. https://learn.microsoft.com/en-us/azure/application-gateway/features#websocket-and-http2-traffic
  2. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway
  3. https://learn.microsoft.com/en-us/powershell/module/az.network/get-azapplicationgateway
  4. https://learn.microsoft.com/en-us/powershell/module/az.network/set-azapplicationgateway

Remediation

From Azure Portal

  1. Go to Application gateways.
  2. Click the name of an application gateway.
  3. Under Settings, click Configuration.
  4. Under HTTP2, click Enabled.
  5. Click Save.
  6. Repeat steps 1-5 for each application gateway requiring remediation.

From Azure CLI

For each application gateway requiring remediation, run the following command to enable HTTP2:

az network application-gateway update --resource-group {{resource-group}} --name {{application-gateway}} --http2 Enabled
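
The audit check and the CLI remediation above, applied to every gateway in the current subscription. This is an added example, not part of the original policy page; it assumes a logged-in Azure CLI, and the function names, the DRY_RUN variable and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: subscription-wide audit and remediation of the HTTP2 setting.
TAB=$(printf '\t')

# One "resourceGroup<TAB>name<TAB>enableHttp2" row per gateway.
# Assumes a logged-in Azure CLI; enableHttp2 is the property in az's JSON output.
list_gateways() {
  az network application-gateway list \
    --query '[].[resourceGroup, name, enableHttp2]' --output tsv
}

# Rows on stdin -> "resourceGroup<TAB>name" for each gateway the policy flags.
# tsv output renders booleans as True/False and a missing value as None, so
# anything other than "true" (case-insensitive) is treated as not enabled.
flag_http2_disabled() {
  awk -F'\t' 'NF >= 2 && tolower($3) != "true" { print $1 "\t" $2 }'
}

# Flagged rows on stdin -> the page's CLI remediation, once per gateway.
# DRY_RUN defaults to 1: the command is printed, nothing is changed.
remediate_http2() {
  while IFS="$TAB" read -r rg name; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "az network application-gateway update --resource-group $rg --name $name --http2 Enabled"
    else
      # </dev/null keeps az from consuming the rows still queued on stdin.
      az network application-gateway update --resource-group "$rg" \
        --name "$name" --http2 Enabled </dev/null
    fi
  done
}

# Constructed sample rows (not real resources) in the shape list_gateways emits.
SAMPLE_ROWS=$(printf 'rg-web\tagw-prod\tTrue\nrg-web\tagw-legacy\tFalse\nrg-api\tagw-staging\tNone')

# Offline demo: prints the two update commands that would be run.
printf '%s\n' "$SAMPLE_ROWS" | flag_http2_disabled | DRY_RUN=1 remediate_http2

# Live use: list_gateways | flag_http2_disabled | DRY_RUN=0 remediate_http2
```

Review the dry-run output before setting DRY_RUN=0, since each update call reconfigures a live gateway.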

From PowerShell

Run the following command to get the application gateway in a resource group with a given name:

$gateway = Get-AzApplicationGateway -ResourceGroupName {{resource-group}} -Name {{application-gateway}}

Run the following command to enable HTTP2:

$gateway.EnableHttp2 = $true

Run the following command to apply the update:

Set-AzApplicationGateway -ApplicationGateway $gateway

Repeat for each application gateway requiring remediation.

Linked Framework Sections

| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 7.13 Ensure 'HTTP2' is set to 'Enabled' on Azure Application Gateway (Automated) | | | 1 | | no data |
| 💼 Cloudaware Framework → 💼 Threat Protection | | | 48 | | no data |