More Info:

Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected. HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1’s chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.

Risk Level

Low

Address

Performance, Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

To remediate the HTTP 2.0 disabled misconfiguration in Azure using the Azure console, you can follow these steps:

  1. Log in to the Azure portal and navigate to the App Service that needs to be configured.

  2. Under the Settings section, select Configuration.

  3. Scroll down to the General settings section, and locate the HTTP version configuration.

  4. Change the HTTP version configuration to “2.0” to enable HTTP 2.0.

  5. Click Save to apply the changes.

  6. Restart the App Service to ensure that the changes are applied.

  7. Once the App Service is restarted, verify that HTTP 2.0 is enabled by accessing the application through a web browser and checking the network tab of the developer tools.

By following these steps, you can remediate the HTTP 2.0 disabled misconfiguration in Azure using the Azure console.

Additional Reading: