Enable Http2 | Vulnerability Database

Web App uses the latest HTTP version

Use the latest version of HTTP to ensure you are benefiting from security fixes

Impact

Outdated versions of HTTP has security vulnerabilities

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Log in to the Microsoft Azure Management Console.
Find the search bar at the top and search for App Services.
Select the “App Service” by clicking on “Name” to go to its configuration.
Scroll down the selected “App Services” left navigation panel and under “Settings” click on the “Configuration” option.
On the “Configuration” page select the “General settings” tab, scroll down and under the “HTTP version” check the value. It’s recommended to use version 2.0 to improve performance.
If the “HTTP version” is not set to the latest version 2.0, then select version 2.0 from the dropdown.
Click on the “Save” button at the top to make the changes.
Click “Continue” in the confirmation pop up to save the changes.
Repeat steps number 3 - 8 to verify all other “Apps” are using latest HTTP protocol version in the account.

Use the latest version of HTTP

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


 resource "azurerm_app_service" "good_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id
 
   site_config {
 	  http2_enabled = true
   }
 }
 

Remediation Links

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#http2_enabled