More Info:

Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected. HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1’s chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.

Risk Level

Low

Address

Performance, Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

To remediate the HTTP 2.0 disabled misconfiguration in Azure using the Azure console, you can follow these steps:
  1. Log in to the Azure portal and navigate to the App Service that needs to be configured.
  2. Under the Settings section, select Configuration.
  3. Scroll down to the General settings section, and locate the HTTP version configuration.
  4. Change the HTTP version configuration to “2.0” to enable HTTP 2.0.
  5. Click Save to apply the changes.
  6. Restart the App Service to ensure that the changes are applied.
  7. Once the App Service is restarted, verify that HTTP 2.0 is enabled by accessing the application through a web browser and checking the network tab of the developer tools.
By following these steps, you can remediate the HTTP 2.0 disabled misconfiguration in Azure using the Azure console.

To remediate HTTP 2.0 disabled misconfiguration in Azure using Azure CLI, you can follow the below steps:Step 1: Open Azure CLI and login to your Azure account.
az login
Step 2: Check the current status of HTTP 2.0 on the web app.
az webapp show --resource-group <resource-group-name> --name <web-app-name> --query http20Enabled
Step 3: If the output of the above command is false, then HTTP 2.0 is disabled for the web app. To enable it, run the below command:
az webapp update --resource-group <resource-group-name> --name <web-app-name> --http20-enabled true
Step 4: Verify that HTTP 2.0 is enabled by running the below command:
az webapp show --resource-group <resource-group-name> --name <web-app-name> --query http20Enabled
Step 5: Once verified, you have successfully remediated the HTTP 2.0 disabled misconfiguration for your Azure web app.Note: Replace <resource-group-name> and <web-app-name> with your actual resource group and web app name respectively.
To remediate the HTTP 2.0 Disabled misconfiguration in Azure using Python, you can use the Azure SDK for Python. Here are the step-by-step instructions:
  1. Install the Azure SDK for Python by running the following command in your terminal: 
    pip install azure
  2. Import the necessary modules: 
    from azure.mgmt.web import WebSiteManagementClient
from azure.common.credentials import ServicePrincipalCredentials
  3. Authenticate with Azure using a service principal: 
    credentials = ServicePrincipalCredentials(
    client_id='<your_client_id>',
    secret='<your_client_secret>',
    tenant='<your_tenant_id>'
)
  4. Create a WebSiteManagementClient object: 
    client = WebSiteManagementClient(credentials, '<your_subscription_id>')
  5. Get the resource group and site name for the web app: 
    resource_group_name = '<your_resource_group_name>'
site_name = '<your_site_name>'
  6. Get the current site configuration: 
    site_config = client.web_apps.get_configuration(resource_group_name, site_name)
  7. Check if HTTP 2.0 is already enabled: 
    if site_config.http20_enabled:
    print('HTTP 2.0 is already enabled.')
else:
    # Enable HTTP 2.0
    site_config.http20_enabled = True
    client.web_apps.update_configuration(resource_group_name, site_name, site_config)
    print('HTTP 2.0 has been enabled.')
    This code checks if HTTP 2.0 is already enabled. If it is, it prints a message saying so. If it is not, it enables HTTP 2.0 and prints a message saying it has been enabled.
  8. Run the code and verify that HTTP 2.0 has been enabled for your web app. 
    python remediate_http2_disabled.py

Additional Reading: