Description
This policy identifies Azure Application Gateways that do not utilize HTTP/2. Consider enabling HTTP/2 for improved performance, efficiency, and security. HTTP/2 protocol support is available to clients that connect to application gateway listeners only. Communication with backend server pools is always HTTP/1.1.
Rationale
Enabling HTTP/2 supports use of modern encrypted connections.
Impact
Clients and backend services that do not support HTTP/2 will fall back to HTTP/1.1.
Audit
This policy flags an Azure Application Gateway as INCOMPLIANT if HTTP/2 traffic is not Enabled.
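The same check can be run offline against exported gateway configuration. The following is an added example, not the policy's own implementation: it reads the `enableHttp2` property from either the flattened Azure CLI output or the nested ARM `properties` object. It assumes that a missing value counts as not enabled, and the gateway names, resource groups and subscription id are constructed sample data.

```python
import json

# Constructed sample input (gateway names, resource groups and the subscription
# id are made up). The first three entries use the flattened shape printed by
# `az network application-gateway list -o json`; the last uses the nested ARM shape.
SAMPLE = """[
 {"name": "gw-prod", "resourceGroup": "rg-web", "enableHttp2": true},
 {"name": "gw-stage", "resourceGroup": "rg-web", "enableHttp2": false},
 {"name": "gw-old", "resourceGroup": "rg-ops"},
 {"name": "gw-arm",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-api/providers/Microsoft.Network/applicationGateways/gw-arm",
  "properties": {"enableHttp2": false}}
]"""

def http2_enabled(gw):
    """True only when enableHttp2 is the JSON boolean true, in either shape."""
    value = gw.get("enableHttp2")
    if value is None:
        value = (gw.get("properties") or {}).get("enableHttp2")
    # Assumption: a missing or non-boolean value is treated as not enabled.
    return value is True

def resource_group(gw):
    """Use the CLI's resourceGroup field, else take it from the resource id."""
    if gw.get("resourceGroup"):
        return gw["resourceGroup"]
    parts = gw.get("id", "").split("/")
    for i, part in enumerate(parts[:-1]):
        if part.lower() == "resourcegroups":
            return parts[i + 1]
    return None

def audit(gateways):
    """Return one finding per gateway where HTTP/2 is not enabled."""
    findings = []
    for gw in gateways:
        if http2_enabled(gw):
            continue
        rg = resource_group(gw)
        findings.append({
            "name": gw["name"],
            "resourceGroup": rg,
            "status": "INCOMPLIANT",
            # Remediation via the Azure CLI `--http2` option of the update command.
            "fix": f"az network application-gateway update --name {gw['name']} "
                   f"--resource-group {rg} --http2 Enabled",
        })
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE)):
        print(json.dumps(finding))
```

To audit a live subscription, replace `SAMPLE` with the saved output of `az network application-gateway list -o json`.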
Default Value
HTTP/2 is enabled by default.
References
- https://learn.microsoft.com/en-us/azure/application-gateway/features#websocket-and-http2-traffic
- https://learn.microsoft.com/en-us/cli/azure/network/application-gateway
- https://learn.microsoft.com/en-us/powershell/module/az.network/get-azapplicationgateway
- https://learn.microsoft.com/en-us/powershell/module/az.network/set-azapplicationgateway