Azure App Service Web App Doesn't Use HTTP 2.0

HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.

Policy Details

Policy Subtype
Run, Build
Severity
Medium
Template Type
Terraform

Build Rules

Azure App Service Web app doesn't use HTTP 2.0.
JSON Query:
$.resource[*].azurerm_app_service.*.*.* size > 0 and ($.resource[*].azurerm_app_service[*].*.*.http2_enabled anyNull or $.resource[*].azurerm_app_service[*].*.*.http2_enabled anyFalse)
Recommendation:
Recommended solution for making sure App Service Web app uses HTTP 2.0.
It is recommended that Azure App Service Web app uses HTTP 2.0. Please make sure your template has "http2_enabled" and it is set to true.
For example:
"azurerm_app_service": [ { "<app_service_name>": [ { "location": "${azurerm_resource_group.example.location}", "name": "example-app-service", "resource_group_name": "${azurerm_resource_group.example.name}", "http2_enabled": true } ] } ]

Run Rule Recommendation

  1. Log in to the Azure portal.
  2. Navigate to App Services.
  3. Click on the reported App.
  4. Under Setting section, Click on 'Configuration'.
  5. Under 'General Settings' tab, In 'Platform settings', Set 'HTTP version' to '2.0'.
Remediation CLI Command:
az webapp config set --resource-group ${resourceGroup} --name ${resourceName} --http20-enabled true
CLI Command Description:
This CLI command requires 'Microsoft.Web/sites/{app_name}/config/*' permission. Successful execution sets HTTP version to 2.0, which has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests.

Compliance

There is 1 standard that is applicable to this policy:
  • CIS v1.1 (Azure)

Recommended For You