Azure Http2 Disabled
Description
Detects Azure App Services that have HTTP/2 protocol disabled, which may impact performance and security. HTTP/2 provides improved security through mandatory encryption, better performance through multiplexing, and enhanced protocol-level security features compared to HTTP/1.1.
Detection Strategy
• Checks each Azure App Service's site configuration for the 'http20_enabled' setting
• Reports a vulnerability if HTTP/2 is disabled (http20_enabled is false or not set)
• Identifies affected resources using the App Service's resource ID and configuration path
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.