App Service HTTP2 Disabled
- Query id: 525b53be-62ed-4244-b4df-41aecfcb4071
- Query name: App Service HTTP2 Disabled
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
App Service should have 'http2_enabled' enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_app_service" "positive1" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Positive test num. 2 - tf file
resource "azurerm_app_service" "positive2" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
min_tls_version = 1.2
}
}
Positive test num. 3 - tf file
resource "azurerm_app_service" "positive3" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
min_tls_version = 1.2
http2_enabled = false
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_app_service" "negative" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
min_tls_version = 1.2
http2_enabled = true
}
}