App Services

HTTP 2.0 Disabled

Risk Level: Medium

Description  

This plugin ensures the latest HTTP version is enabled for App Services. Enabling HTTP 2.0 ensures that the App Service uses the latest technology, which improves server performance. HTTP 2.0 can send several requests in rapid succession over the same TCP connection, eliminating the need for multiple connections between the client and the server. This dramatically increases page load speeds for the application.

About the Service

App Services: Azure App Services host web applications, REST APIs, and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data.

Impact 

Using HTTP 1.1 raises various security concerns (e.g. it is prone to DNS spoofing), many of which are resolved in the upgraded version 2. HTTP 2.0 not only speeds up communication between your system and its clients but also reduces data errors.

Steps to Reproduce

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on Configuration under Settings.
  5. Go to the General settings section.
  6. Under Platform settings, check the value shown next to HTTP version. If the value is 1.1, go to the Steps for Remediation section.
  7. Repeat the steps and check the issue for other web applications as well.

Steps for Remediation

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on Configuration under Settings.
  5. Go to the General settings section.
  6. Under Platform settings, click on the HTTP version drop-down menu and select version 2.0.
  7. Repeat the process for all the web applications with HTTP version not set to 2.0. 
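
The same check and fix can be scripted with the Azure CLI instead of repeating the portal steps for each app. This is an added example, not PingSafe's own tooling; it assumes the Azure CLI is installed, `az login` has been run and the target subscription is selected, and the script name http2_audit.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CLI equivalent of the portal audit and remediation steps.
# Assumes Azure CLI is installed, `az login` has been run and the target
# subscription is selected.

TAB=$(printf '\t')

# Print "<resource-group><TAB><app-name>" for each app whose HTTP version is not 2.0.
list_http2_disabled() {
  az webapp list --query "[].[resourceGroup, name]" -o tsv |
  while IFS="$TAB" read -r rg name; do
    [ -n "$name" ] || continue
    # </dev/null keeps az from consuming the app list the loop is reading.
    enabled=$(az webapp config show -g "$rg" -n "$name" \
                --query http20Enabled -o tsv </dev/null) || enabled=""
    case "$enabled" in
      [Tt]rue) ;;                              # already on HTTP 2.0
      *) printf '%s\t%s\n' "$rg" "$name" ;;    # false, empty or lookup failed
    esac
  done
}

# Set HTTP version to 2.0 on every app reported by list_http2_disabled.
enable_http2() {
  list_http2_disabled |
  while IFS="$TAB" read -r rg name; do
    if az webapp config set -g "$rg" -n "$name" \
         --http20-enabled true -o none </dev/null; then
      echo "HTTP 2.0 enabled: $rg/$name"
    else
      echo "FAILED: $rg/$name" >&2
    fi
  done
}

# Usage: sh http2_audit.sh audit   |   sh http2_audit.sh fix
case "${1:-}" in
  audit) list_http2_disabled ;;
  fix)   enable_http2 ;;
esac
```

Run `audit` first and review the list before running `fix`; an app whose setting cannot be read is reported as non-compliant rather than silently skipped.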

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support