Ensure function app uses the latest HTTP version

Error: Azure function app does not use HTTP 2.0

Bridgecrew Policy ID: BC_AZR_GENERAL_52
Checkov Check ID: CKV_AZURE_67
Severity: MEDIUM

Azure function app does not use HTTP 2.0

Description

This policy identifies Azure Function App which doesn't use HTTP 2.0. HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritisation of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.

Fix - Runtime

In Azure Console

  1. Log in to the Azure portal
  2. Navigate to Function App
  3. Click on the reported Function App
  4. Under Setting section, Click on 'Configuration'
  5. Under 'General Settings' tab, In 'Platform settings', Set 'HTTP version' to '2.0'
  6. Click on 'Save'.

In Azure CLI

If Function App Hosted in Linux using Consumption (Serverless) Plan follow below steps Azure CLI Command

- az functionapp config set --http20-enable true --name MyFunctionApp --resource-group MyResourceGroup

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app
  • Argument: site_config.http2_enabled
resource "azurerm_function_app" "example" {
           ...
+          site_config {
+          http2_enabled = true
          }
        }