Control: 7.13 Ensure 'HTTP2' is set to 'Enabled' on Azure Application Gateway
Description
Enable HTTP/2 for improved performance, efficiency, and security. HTTP/2 protocol support is available to clients that connect to application gateway listeners only. Communication with backend server pools is always HTTP/1.1.
Enabling HTTP/2 supports use of modern encrypted connections.
Remediation
Remediate from Azure Portal
- Go to Application gateways.
- Click the name of an application gateway.
- Under Settings, click Configuration.
- Under HTTP2, click Enabled.
- Click Save.
- Repeat steps 1-5 for each application gateway requiring remediation.
Remediate from Azure CLI
For each application gateway requiring remediation, run the following command to enable HTTP2:
az network application-gateway update --resource-group <resource-group> --name <application-gateway> --http2 Enabled
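To cover every gateway in a subscription rather than one at a time, the following added example (not part of the original control text) lists gateways with the Azure CLI, selects those where HTTP2 is not enabled, and applies the update command shown above. The function names and the DRY_RUN variable are assumptions of this example; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: bulk audit and remediation for CIS 7.13.
# Function names and DRY_RUN are hypothetical, chosen for this example.

TAB=$(printf '\t')

# Emit one row per gateway: resource-group<TAB>name<TAB>enableHttp2
list_gateways() {
  az network application-gateway list \
    --query "[].[resourceGroup, name, enableHttp2]" --output tsv
}

# Read rows on stdin; print resource-group<TAB>name for every gateway
# whose HTTP2 flag is anything other than true (false, null, missing).
noncompliant() {
  while IFS="$TAB" read -r rg name http2; do
    [ -n "$name" ] || continue
    case "$(printf '%s' "$http2" | tr '[:upper:]' '[:lower:]')" in
      true) ;;                                   # compliant, skip
      *) printf '%s\t%s\n' "$rg" "$name" ;;
    esac
  done
}

# Read resource-group<TAB>name rows; print the update command (default)
# or run it when DRY_RUN=0.
remediate() {
  while IFS="$TAB" read -r rg name; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf 'az network application-gateway update --resource-group %s --name %s --http2 Enabled\n' "$rg" "$name"
    else
      az network application-gateway update \
        --resource-group "$rg" --name "$name" --http2 Enabled </dev/null
    fi
  done
}

# Usage: sh script.sh run            (dry run, prints commands)
#        DRY_RUN=0 sh script.sh run  (applies the change)
if [ "${1:-}" = "run" ]; then
  list_gateways | noncompliant | remediate
fi
```

Review the dry-run output before setting DRY_RUN=0, since the update is applied to every gateway listed.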
Remediate from PowerShell
Run the following command to get the application gateway in a resource group with a given name:
$gateway = Get-AzApplicationGateway -ResourceGroupName <resource-group> -Name <application-gateway>
Run the following command to enable HTTP2:
$gateway.EnableHttp2 = $true
Run the following command to apply the update:
Set-AzApplicationGateway -ApplicationGateway $gateway
Repeat for each application gateway requiring remediation.
Default Value
HTTP2 is enabled by default.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v500_7_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v500_7_13 --share
SQL
This control uses a named query:
select
  ag.id as resource,
  case
    when enable_http2 then 'ok'
    else 'alarm'
  end as status,
  case
    when enable_http2 then ag.name || ' HTTP2 enabled.'
    else ag.name || ' HTTP2 disabled.'
  end as reason,
  ag.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_application_gateway as ag
  left join azure_subscription as sub on sub.subscription_id = ag.subscription_id;